Subject Re: [firebird-support] Important security question
Author Helen Borrie
At 03:09 PM 17/09/2003 +0200, you wrote:
> >>I want to guarantee that some malicious user (dissatisfied with job salary
> >>;-) could not create and populate so big a database on the server that it will use
> >>all available disk space (could it be recognized as a Denial of Service
> >>attack?)
>H> Restrict database access to be only in specified directory
>H> roots. Don't give ordinary users any filesystem permissions to these
>H> locations.
>Unfortunately this does not help, since the firebird user will need
>full access to those folders regardless of ordinary user limitations.
>I don't know of a way to avoid this, short of using quotas.
>I would be really glad to hear of one, though.

Well, the obvious way to avoid it is not to give anyone the firebird user's
password - I mean the operating system user named firebird which owns the
server process.

If you are talking about "firebird users", meaning database users, they
don't need filesystem privileges to access the database files or the server
location and they should not have them.
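
An added example, not part of the original message: a small audit of the two controls discussed in this thread, directory roots restricted in the server configuration and no filesystem access for ordinary OS users. It assumes the roots are set with the `DatabaseAccess` parameter in `firebird.conf` (semicolon-separated paths after `Restrict`) and that it runs as the account owning the server process; the sample paths and function names are constructed for illustration.

```python
import os
import stat

# Constructed sample; the paths are placeholders, not from the original post.
SAMPLE_CONF = """
# DatabaseAccess = Full
DatabaseAccess = Restrict /srv/firebird/data;/srv/firebird/archive
"""

def parse_database_access(conf_text):
    """Return (mode, roots); an unset parameter is treated as Full."""
    mode, roots = "Full", []
    for line in conf_text.splitlines():
        key, sep, value = line.split("#", 1)[0].partition("=")
        words = value.split(None, 1)
        if not sep or key.strip().lower() != "databaseaccess" or not words:
            continue
        mode = words[0].capitalize()
        roots = []
        if mode == "Restrict" and len(words) == 2:
            roots = [p.strip() for p in words[1].split(";") if p.strip()]
    return mode, roots

def audit_root(path, server_uid):
    """List reasons an ordinary OS user could reach files under path."""
    try:
        st = os.stat(path)
    except OSError:
        return ["cannot stat (missing, or hidden from this account)"]
    findings = []
    if st.st_uid != server_uid:
        findings.append("not owned by the server account")
    if st.st_mode & stat.S_IRWXO:
        findings.append("accessible to other users (mode %o)" % stat.S_IMODE(st.st_mode))
    if st.st_mode & stat.S_IWGRP:
        findings.append("group-writable; check who is in the group")
    return findings

def audit(conf_text, server_uid):
    """Map each problem location to its findings; empty dict means clean."""
    mode, roots = parse_database_access(conf_text)
    if mode == "Full":
        return {"*": ["DatabaseAccess is Full: any path the server can reach"]}
    report = {root: audit_root(root, server_uid) for root in roots}
    return {root: found for root, found in report.items() if found}

if __name__ == "__main__":
    # Assumption: run as the account that owns the server process.
    for root, found in audit(SAMPLE_CONF, os.getuid()).items():
        print(root, "->", "; ".join(found))
```

This checks only the top of each root; as noted earlier in the thread, limiting how much space the server account itself can consume still needs filesystem quotas.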