Subject RE: [ib-support] Metadata opinions appreciated
Author Helen Borrie
At 01:53 PM 3/03/2003 +1000, you wrote:

> >You are creating your database with the sysdba user... I would recommend
> >creating another user and creating it with that other user.
>I have questions about this. Please correct my understanding of it all.
>Basically the server (ie Firebird) recognises particular users. (in my case
>only 'SYSDBA' with password 'masterkey'). The server resides on my system.

And on your system is the security database, named isc4.gdb. The SYSDBA is
the "superuser" for the whole server, so only this user can create or
modify users (which are server-wide, as well, and live in isc4.gdb).

>Now, I create a database, that database is created with one user

No. A database is created BY one user, and that user becomes the Owner of
that database. The owner has all privileges to that database. Sysdba,
even if not the Owner, has all privileges to it as well (as to all
databases residing on that server). No other user has any privileges in
any database, except what is specifically granted by the Owner or Sysdba
(via GRANT statements). Owner or sysdba can pass on ADMIN rights to
another user, which apply only to the specific privileges granted.

Instructions are in the LangRef (mainly).

>(can I create more in the metadata?). To create a Firebird database, the
>user that
>I specify in the metadata must be a valid user as recognised by the firebird


>So if I create an application that uses a firebird database, and that
>database is created by user 'johnDoe', then the firebird server that is
>running must recognise 'JohnDoe' or the application will fail??


>Probably I am asking a huge question, I do not know.
> > BTW - I hope you change the SYSDBA password too.
>...Would like to say yes, but the answer is no.
>So far I have really only used the IBAdmin tools to play with databases, not
>the server itself. But I am guessing it is using IBAdmin (or some tool like
>it) that I change the SYSDBA password.

You can use the command-line gsec tool. Instructions in the ops guide.

>What is stopping someone from taking a .gdb file (all hardware nasties
>aside) and copying it onto there system, and then opening it? Nothing I am

Absolutely nothing.

>Is it important to ensure that the actual .gdb file is protected from users?

Absolutely right. Don't run your Firebird server on a platform you can't
secure, both at file level and physically. The server room should be as
secure as you can possibly make it and the server and network must be

> >Are you developing in Delphi?
>Sort of, I am developing in Borland CBuilder.
>I have no idea, I have a list of controls on the Borland palette, but am
>only just about to figure out which ones I should be using.

That's a whole other can of worms. There has been a recent thread, but
it's a thread that comes up regularly. It would be a good thing for you to
acquaint yourself with the list archives. You can access a threaded
newsgroup mirror at news://