Roland,

> changing the password for the user "sysdba" to something other than
> "masterkey" is no problem, but can I also use another username than
> "sydba" for the superuser? All of my tries to change the entries of the
> security.fdb (FB 1.5b2 / Win32) under control of the database itself
> where not successful.
>
> Background is, that if I could avoid the user "sysdba" it doesn't matter
> if someone would have access to backup files of the firebird database,
> because he has no security database allowing any access to the database.
> Otherwise a new initialized security database is something like a golden
> key.

The main thing you should be aware of is that the current
Firebird security model on physical database files is in
the hand of your operating system.

If someone has physical access to your database file or
someone has a workable backup of your database, then you
have simply lost. I know, not very neat, but it's the
reality.

Btw, reviewing security issues for Firebird 1.5 is on the
high priority list! The FirebirdSQL Foundation will grant
money to a person who is already working in this area to
improve/solve some security issues.

<advertisment>
If you would like to support the Firebird development in a
financial way, then become a member of the FirebirdSQL
Foundation. http://www.firebirdsql.org/ff/foundation
</advertisment>



Cheers,
Thomas.