Subject Re: [firebird-support] Adding extra security to Firebird logins.
Author Doug Chamberlin
At 10/22/2003 09:59 AM (Wednesday), norgepaul wrote:
>We have a customer that has a whole bunch of security demands for our
>Firebird powered application. I know it's a long shot, but can
>anybody tell me whether or not the following demands (or some of them)
>are possible by manipulating security.fdb or if any of the features
>have been implemented in FB1.5 (Encrypted passwords?).
>
>Any ideas would be much appreciated.

Some thoughts...

You certainly can implement all those requirements in your client
application by various means, including enhancements to the security
database. The first one, encrypted passwords passed over the wire, is
already done by Firebird 1.0 and 1.5.

The rest of them I would add to your application. Of course, your problem
is larger if you allow direct access to the database. In that case the
password usage is much harder to keep track of. You may have to limit usage
tracking to only applications which are under your control. You could
record each login for each account in the database. I would write a
password management daemon which runs on a server and periodically examines
the password usage/history/state to invalidate passwords on schedule.

Having a client application modify the passwords in the security database
has been done before. I think that would be an essential part of the solution.

All this is not easy to get right but certainly feasible.
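
The login recording and scheduled invalidation pass suggested in the reply above, as an added example that is not part of the original message and is not Firebird code. Assumptions: an in-memory SQLite database stands in for application-side tracking tables, the table names and the two policy values are hypothetical, and the actual change to the Firebird login is left as a comment.

```python
import sqlite3
from datetime import datetime, timedelta

# Assumed policy values; the thread does not list the customer's actual demands.
MAX_PASSWORD_AGE = timedelta(days=90)
MAX_IDLE = timedelta(days=30)

def open_tracking_db():
    """Hypothetical application-side tracking tables (not the security.fdb schema)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE account_state (username TEXT PRIMARY KEY,
            password_set_at TEXT NOT NULL, invalidated INTEGER NOT NULL DEFAULT 0);
        CREATE TABLE login_log (username TEXT NOT NULL, logged_in_at TEXT NOT NULL);
    """)
    return db

def record_login(db, username, when):
    """Called by each application under your control after a successful login."""
    db.execute("INSERT INTO login_log VALUES (?, ?)", (username, when.isoformat()))

def sweep(db, now):
    """One daemon pass: return {username: reason} for accounts invalidated now."""
    rows = db.execute("""
        SELECT a.username, a.password_set_at, MAX(l.logged_in_at)
        FROM account_state a LEFT JOIN login_log l ON l.username = a.username
        WHERE a.invalidated = 0 GROUP BY a.username, a.password_set_at""").fetchall()
    hits = {}
    for user, set_at, last_login in rows:
        set_at = datetime.fromisoformat(set_at)
        # An account with no recorded login counts as idle since its password was set.
        last_seen = datetime.fromisoformat(last_login) if last_login else set_at
        if now - set_at > MAX_PASSWORD_AGE:
            hits[user] = "password expired"
        elif now - last_seen > MAX_IDLE:
            hits[user] = "account idle"
    for user in hits:
        # A real daemon would also change or disable the Firebird login here.
        db.execute("UPDATE account_state SET invalidated = 1 WHERE username = ?", (user,))
    db.commit()
    return hits

def demo():
    """Constructed sample data: three accounts checked on 2003-10-22, swept twice."""
    db, now = open_tracking_db(), datetime(2003, 10, 22)
    for user, pw_days, idle_days in (("ALICE", 120, 1), ("BOB", 60, 45), ("CAROL", 10, 2)):
        db.execute("INSERT INTO account_state (username, password_set_at) VALUES (?, ?)",
                   (user, (now - timedelta(days=pw_days)).isoformat()))
        record_login(db, user, now - timedelta(days=idle_days))
    return sweep(db, now), sweep(db, now)
```

Logins made by tools outside your control never reach `login_log`, so the idle check only reflects the applications that call `record_login`.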