--- In ib-support@y..., Daniel Rail <daniel@a...> wrote:

> At 08/03/2002 06:25 AM, you wrote:
>
> >It might be worthwile considering mapping OS users to Interbase

users

> >so Interbase can apply the OS privilages to file. This would do

away

> >with the proposed modifications to EXTERNAL_FILE_DIRECTORY
> >configuration. The solution would only require a child table linked
> >to the USERS table (in isc4.gdb).
>
> What happens when FB is used for a web server? Also, what happens

if the

> user is connecting from a remote location over the internet, which

he/she

> doesn't have to logon the server itself, except FB? We can't only

think of

> users on a LAN. We have to think this out more thoroughly. It

could

> happen that the external file is used by more than one user.
>

What happens now? What's the matter with what happens now?

> Also, I think there should be privileges on who can create/drop an

external

> file. I can see the administrator and the owner of the database

having

> those privileges and can assign them to other users.
>
> Gary, I don't dismiss your proposal, this is a brainstorm to find a

solution.

>

I see that there is a security problem that has to be resolved not
extra functionality required. The only security problem is the
Administrative rights of Interbase server can be passed on to an
unauthorised OS user.

I am not clear why you wish to invoke extra functionality - maybe
give an example.

>
> Daniel Rail
> Senior System Engineer
> ACCRA Group Inc. (www.accra.ca)
> ACCRA Med Software Inc. (www.accramed.ca)