| Subject | Re: [firebird-support] Security on Embedded FB |
|---|---|
| Author | chee hee |
| Post date | 2003-11-27T03:07:46Z |
I want to build a secure database application, which mean even if other have access to the database file, he/she cannot view the data.
For embedded FB, confirm that all it needs to log into database is userid, it doesn't care what password as long as the userid is correct.
I can create different databases with different owners (db owner for customer A is A_9io0, db owner for customer B is B_1yu8, etc) and all these owner id is only known to the application login layer.
So, user will not know the user id for the database. But then, if he/she knows sysdba user_id, they still can access the database.
Question is, how can I change the sysdba user_id to something else, like what I did for db owner_id.
Thanks.
Helen Borrie <helebor@...> wrote:
At 03:48 AM 25/11/2003 +0000, you wrote:
But if the invalid user doesn't have SQL privileges to anything in the
database, it doesn't do him any good.
hb
Yahoo! Groups SponsorADVERTISEMENT
To unsubscribe from this group, send an email to:
firebird-support-unsubscribe@yahoogroups.com
Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.
---------------------------------
Download Yahoo! Messenger now for a chance to WIN Robbie Williams "Live At Knebworth DVD"
[Non-text portions of this message have been removed]
For embedded FB, confirm that all it needs to log into database is userid, it doesn't care what password as long as the userid is correct.
I can create different databases with different owners (db owner for customer A is A_9io0, db owner for customer B is B_1yu8, etc) and all these owner id is only known to the application login layer.
So, user will not know the user id for the database. But then, if he/she knows sysdba user_id, they still can access the database.
Question is, how can I change the sysdba user_id to something else, like what I did for db owner_id.
Thanks.
Helen Borrie <helebor@...> wrote:
At 03:48 AM 25/11/2003 +0000, you wrote:
>Hi All,Yes, that's the reason.
>
>I have done a test on FB1.5 RC7 embed, it seems that even invalid userid
>and password can also log into the database.
>
>I understand that FB 1.5 RC7 embedded doesn't use security.fdb.
>Is it because so?
But if the invalid user doesn't have SQL privileges to anything in the
database, it doesn't do him any good.
hb
Yahoo! Groups SponsorADVERTISEMENT
To unsubscribe from this group, send an email to:
firebird-support-unsubscribe@yahoogroups.com
Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.
---------------------------------
Download Yahoo! Messenger now for a chance to WIN Robbie Williams "Live At Knebworth DVD"
[Non-text portions of this message have been removed]