| Subject | RE: [ib-support] Metadata opinions appreciated |
|---|---|
| Author | Helen Borrie |
| Post date | 2003-03-03T04:02:02Z |
At 01:53 PM 3/03/2003 +1000, you wrote:
the "superuser" for the whole server, so only this user can create or
modify users (which are server-wide, as well, and live in isc4.gdb).
that database. The owner has all privileges to that database. Sysdba,
even if not the Owner, has all privileges to it as well (as to all
databases residing on that server). No other user has any privileges in
any database, except what is specifically granted by the Owner or Sysdba
(via GRANT statements). Owner or sysdba can pass on ADMIN rights to
another user, which apply only to the specific privileges granted.
Instructions are in the LangRef (mainly).
secure, both at file level and physically. The server room should be as
secure as you can possibly make it and the server and network must be
firewalled.
it's a thread that comes up regularly. It would be a good thing for you to
acquaint yourself with the list archives. You can access a threaded
newsgroup mirror at news://atkin.com
heLen
> >You are creating your database with the sysdba user... I would recommendAnd on your system is the security database, named isc4.gdb. The SYSDBA is
> >creating another user and creating it with that other user.
>I have questions about this. Please correct my understanding of it all.
>Basically the server (ie Firebird) recognises particular users. (in my case
>only 'SYSDBA' with password 'masterkey'). The server resides on my system.
the "superuser" for the whole server, so only this user can create or
modify users (which are server-wide, as well, and live in isc4.gdb).
>Now, I create a database, that database is created with one userNo. A database is created BY one user, and that user becomes the Owner of
that database. The owner has all privileges to that database. Sysdba,
even if not the Owner, has all privileges to it as well (as to all
databases residing on that server). No other user has any privileges in
any database, except what is specifically granted by the Owner or Sysdba
(via GRANT statements). Owner or sysdba can pass on ADMIN rights to
another user, which apply only to the specific privileges granted.
Instructions are in the LangRef (mainly).
>(can I create more in the metadata?). To create a Firebird database, theYes.
>user that
>I specify in the metadata must be a valid user as recognised by the firebird
>server.
>So if I create an application that uses a firebird database, and thatYes.
>database is created by user 'johnDoe', then the firebird server that is
>running must recognise 'JohnDoe' or the application will fail??
>Probably I am asking a huge question, I do not know.You can use the command-line gsec tool. Instructions in the ops guide.
>
> > BTW - I hope you change the SYSDBA password too.
>...Would like to say yes, but the answer is no.
>So far I have really only used the IBAdmin tools to play with databases, not
>the server itself. But I am guessing it is using IBAdmin (or some tool like
>it) that I change the SYSDBA password.
>What is stopping someone from taking a .gdb file (all hardware nastiesAbsolutely nothing.
>aside) and copying it onto there system, and then opening it? Nothing I am
>thinking..
>Is it important to ensure that the actual .gdb file is protected from users?Absolutely right. Don't run your Firebird server on a platform you can't
secure, both at file level and physically. The server room should be as
secure as you can possibly make it and the server and network must be
firewalled.
> >Are you developing in Delphi?That's a whole other can of worms. There has been a recent thread, but
>Sort of, I am developing in Borland CBuilder.
>
>I have no idea, I have a list of controls on the Borland palette, but am
>only just about to figure out which ones I should be using.
it's a thread that comes up regularly. It would be a good thing for you to
acquaint yourself with the list archives. You can access a threaded
newsgroup mirror at news://atkin.com
heLen