| Subject | Firebird Security |
|---|---|
| Author | Ian A. Newby |
| Post date | 2002-10-08T11:31:40Z |
Hi All,
I am in the process of tying down the security of a Firebird based
application we are developing. Currently we have the following
situation.
1. Our database is owned by a user other than sysdba.
2. There is a role in our database called sysdba to stop sysdba
access.
3. Our isc4.gdb file has been modified in a similar manner to that
proposed by Ivan Prenosil
(http://www.volny.cz/iprenosil/interbase/ip_ib_isc4.htm) with a
number of changes - The log file is removed (to stop user names
being identified) and the users view is modified so that the
database owner, not sysdba is the user able to see all users.
Just a few questions.
1. Backup. Who is able to backup a database? Any user or only
specific users?
2. Will this scheme stop users copying the isc4 and our database to
another machine and getting access to the contents?
Regards
Ian Newby
I am in the process of tying down the security of a Firebird based
application we are developing. Currently we have the following
situation.
1. Our database is owned by a user other than sysdba.
2. There is a role in our database called sysdba to stop sysdba
access.
3. Our isc4.gdb file has been modified in a similar manner to that
proposed by Ivan Prenosil
(http://www.volny.cz/iprenosil/interbase/ip_ib_isc4.htm) with a
number of changes - The log file is removed (to stop user names
being identified) and the users view is modified so that the
database owner, not sysdba is the user able to see all users.
Just a few questions.
1. Backup. Who is able to backup a database? Any user or only
specific users?
2. Will this scheme stop users copying the isc4 and our database to
another machine and getting access to the contents?
Regards
Ian Newby