Subject Re: [ib-support] previleges according to date
Author Doug Chamberlin
At 12/28/2002 06:23 AM (Saturday), duilio_fos <irel_llc@...> wrote:
>I need to define 3 different roles:
>1. superuser, with all privileges (no problem here)
>2. coordinator, with the ability to add, delete or modify any row
>3. normal_user, with the ability to add, delete or modify only rows
>with field date>=today
>I thought to give all previleges to coordinators only.
>Normal users will be able to insert/delete/modify rows thru SPs.
>These SPs will check the field date value against the current date.
>However I see a big security hole: normal users could change the PC
>date and modify whatever row they want.
>Is there any better solution ?

If Firebird is on a database server then the user's time settings are not
relevant. Are you saying the database and Firebird reside on the user's

Trying to limit a user's access to data which is located on his own machine
is an exercise in futility.

Perhaps, if you know the user's machine is connected to the Internet, have
your application use the network time protocol to fetch the "real" time
from a time server and not use the PC's time setting?