> > Also, I think there should be privileges on who can create/drop an
> external
> > file. I can see the administrator and the owner of the database
> having
> > those privileges and can assign them to other users.
> >
> > Gary, I don't dismiss your proposal, this is a brainstorm to find a
> solution.
> >
>
> I see that there is a security problem that has to be resolved not
> extra functionality required. The only security problem is the
> Administrative rights of Interbase server can be passed on to an
> unauthorised OS user.
>
> I am not clear why you wish to invoke extra functionality - maybe
> give an example.

Because there's more to the security problem then just this.

InterBase/Firebird security isn't the best - you saw that yourself.
Anyone who has access to a database can create databases,
tables, external tables etc - this is a problem. And it's not easy to
resolve it quickly.

Perhaps we should think about a more complicated security model
for Firebird 2 instead of creating ad-hoc solutions for the current
problem (which is just one of many security related problems).


Just my 2Euro cents...

Martijn Tonies
InterBase Workbench - the developer tool for InterBase and Firebird
http://www.interbaseworkbench.com

Upscene Productions
http://www.upscene.com

"This is an object-oriented system.
If we change anything, the users object."