Subject Re: [firebird-support] Re:Re: Create User?
Author Doug Chamberlin
At 10/31/2003 08:46 PM (Friday), Daniel Rail wrote:
>Don't forget that the password is encrypted in security.fdb. So, it
>would be possible to insert a new user without a password, unless you
>know the exact encryption that is being used.

The encryption method has been available for several years in both C and
Delphi source so it is not that hard to have a client app which asks the
user for the password they want to use and store it directly into the
security database using SQL. What becomes especially important here is SQL
permissions on the security database tables and views and also triggers
which enforce change restrictions properly. You don't want any old user
changing the password of any other user.

I built a SQL-based user admin system a couple of years ago in Delphi and
it worked fine. It included a UDF in Delphi which returned the full path to
the security database so the client application did not have to assume it
was anywhere specific on the server.
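
The permission-and-trigger arrangement the reply above calls important, sketched in Firebird SQL as an added example; it is not code from the original post or from the Firebird project. It assumes the security database keeps accounts in a table named USERS with columns USER_NAME and PASSWD, holding login names in upper case; the view, exception and trigger names are hypothetical.

```sql
-- Added example. Assumed names: table USERS with columns USER_NAME and PASSWD.
-- MY_ACCOUNT, E_NOT_OWN_ROW and USERS_BU_OWN_ROW are hypothetical names.
-- Run in isql as the owner of the security database (SYSDBA).

-- Ordinary users get no direct access to the base table.
REVOKE ALL ON USERS FROM PUBLIC;

-- Each user sees, and can update, only the row for their own login.
-- WITH CHECK OPTION rejects an update that would rename the row
-- so that it no longer matches CURRENT_USER.
CREATE VIEW MY_ACCOUNT (USER_NAME, PASSWD) AS
  SELECT USER_NAME, PASSWD
  FROM USERS
  WHERE USER_NAME = CURRENT_USER
  WITH CHECK OPTION;

GRANT SELECT, UPDATE ON MY_ACCOUNT TO PUBLIC;

-- Defence in depth on the base table: even if someone is later granted
-- UPDATE on USERS directly, only SYSDBA may touch another user's row.
CREATE EXCEPTION E_NOT_OWN_ROW
  'Only SYSDBA may change another user''s record';

SET TERM ^ ;

CREATE TRIGGER USERS_BU_OWN_ROW FOR USERS
ACTIVE BEFORE UPDATE POSITION 0
AS
BEGIN
  IF (CURRENT_USER <> 'SYSDBA'
      AND (OLD.USER_NAME <> CURRENT_USER
           OR NEW.USER_NAME <> OLD.USER_NAME)) THEN
    EXCEPTION E_NOT_OWN_ROW;
END^

SET TERM ; ^

-- A client logged in as a normal user then changes its own password with:
--   UPDATE MY_ACCOUNT SET PASSWD = :encrypted_password;
-- The same statement cannot reach any other user's row.
```

Check the actual table and column names in your own security database before adapting this; inserts and deletes on USERS stay with SYSDBA because no other principal is granted them.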