| Subject | RE: [ib-support] Firebird Deployment |
|---|---|
| Author | C Fraser |
| Post date | 2003-01-09T20:00:42Z |
Hi,
I am not an expert but I don't think this is quite right:
separate Interbase server where they know the SYSDBA password and access
the database from that server as SYSDBA. OR am I missing what you are
saying. Can I actually setup permissions in such a away that not even
the SYSDBA can access the data?
If the user doesn't know the SYSDBA password they can't setup another
server and attach to the DB on your server (unless you have shared the
directory that holds the database, which you don't want to do!).
The problem arises when the user has access to 'your' server, because
then they can replace your security database (or uninstall (and make
sure the security db is also uninstalled) and reinstall IB/Firebird) and
then look at your database. If you can be sure that the user does not
have access to 'your' server or they don't have admin permissions on it,
then you can be safe... Otherwise I am not sure.
Regards
Colin
-----Original Message-----
From: news@... [mailto:news@...] On Behalf Of
Marcus Monaghan
Sent: Thursday, 9 January 2003 9:00 p.m.
To: ib-support@yahoogroups.com
Subject: Re: [ib-support] Firebird Deployment
standard everyday user who can just about use a PC, but user A is a
developer who knows firebird/interbase and would therfore be able to get
hold of user B records by bringing up a console and manually write
scripts.
everything. If they don't know the password they can setup a separate
interbase server where they know the SYSDBA password and access the
database from that server as SYSDBA. OR am I missing what you are
saying. Can I actually setup permissions in such a away that not even
the SYSDBA can access the data?
This brings me onto my next topic of conversation (which I'll start a
new thread for as I can see it being quite topical), deployment to a
machine where interbase is already installed.
Regards,
Marcus.
To unsubscribe from this group, send an email to:
ib-support-unsubscribe@egroups.com
Your use of Yahoo! Groups is subject to
http://docs.yahoo.com/info/terms/
######################################################################
Attention:
The information in this email and in any attachments is confidential.
If you are not the intended recipient then please do not distribute,
copy or use this information. Please notify us immediately by return
email and then delete the message from your computer.
Any views or opinions presented are solely those of the author.
######################################################################
I am not an expert but I don't think this is quite right:
> My point is that if the user knows the SYSDBA password then they cansee everything. If they don't know the password they can setup a
separate Interbase server where they know the SYSDBA password and access
the database from that server as SYSDBA. OR am I missing what you are
saying. Can I actually setup permissions in such a away that not even
the SYSDBA can access the data?
If the user doesn't know the SYSDBA password they can't setup another
server and attach to the DB on your server (unless you have shared the
directory that holds the database, which you don't want to do!).
The problem arises when the user has access to 'your' server, because
then they can replace your security database (or uninstall (and make
sure the security db is also uninstalled) and reinstall IB/Firebird) and
then look at your database. If you can be sure that the user does not
have access to 'your' server or they don't have admin permissions on it,
then you can be safe... Otherwise I am not sure.
Regards
Colin
-----Original Message-----
From: news@... [mailto:news@...] On Behalf Of
Marcus Monaghan
Sent: Thursday, 9 January 2003 9:00 p.m.
To: ib-support@yahoogroups.com
Subject: Re: [ib-support] Firebird Deployment
> Permissions, sure. Perhaps I've missed something essential, but whyFrom my initial description I'm not worried about user B as they are a
> does user B have any access to user A's data at all? As long as they
> have different user names there's no reason they should be able to see
> each other's data, let alone destroy it.
standard everyday user who can just about use a PC, but user A is a
developer who knows firebird/interbase and would therfore be able to get
hold of user B records by bringing up a console and manually write
scripts.
> Even if they share tables, separate permissions can be enforced withMy point is that if the user knows the SYSDBA password then they can see
> views.
everything. If they don't know the password they can setup a separate
interbase server where they know the SYSDBA password and access the
database from that server as SYSDBA. OR am I missing what you are
saying. Can I actually setup permissions in such a away that not even
the SYSDBA can access the data?
This brings me onto my next topic of conversation (which I'll start a
new thread for as I can see it being quite topical), deployment to a
machine where interbase is already installed.
> Encryption is a problem - first, because secure encryptionThis is very true but I can't see another way of doing this.
> is very expensive and insecure encryption is ... well ... insecure.
Regards,
Marcus.
To unsubscribe from this group, send an email to:
ib-support-unsubscribe@egroups.com
Your use of Yahoo! Groups is subject to
http://docs.yahoo.com/info/terms/
######################################################################
Attention:
The information in this email and in any attachments is confidential.
If you are not the intended recipient then please do not distribute,
copy or use this information. Please notify us immediately by return
email and then delete the message from your computer.
Any views or opinions presented are solely those of the author.
######################################################################