| Subject | Embedded and security |
|---|---|
| Author | Diego Barros |
| Post date | 2004-11-25T23:37:08Z |
Hi all,
Looking at the embedded database readme file I notice the following section:
2.3. Authentication and security
The security database (namely security.fdb) is not used
in the embedded server and hence is not required. Any
user is able to attach to any database. Since both
the server and the client run in the same address space,
the security becomes just an agreement between both
sides which can be easily compromised.
But note that SQL privileges are still checked.
Reading the first paragraph I think that anyone can connect to an embedded database and then read/write to whatever table they wish. But the last line confuses me a little. What is the difference between anyone being able to connect to the database and then having SQL privileges checked? I apologise for this newbie question.
Cheers,
Diego
Looking at the embedded database readme file I notice the following section:
2.3. Authentication and security
The security database (namely security.fdb) is not used
in the embedded server and hence is not required. Any
user is able to attach to any database. Since both
the server and the client run in the same address space,
the security becomes just an agreement between both
sides which can be easily compromised.
But note that SQL privileges are still checked.
Reading the first paragraph I think that anyone can connect to an embedded database and then read/write to whatever table they wish. But the last line confuses me a little. What is the difference between anyone being able to connect to the database and then having SQL privileges checked? I apologise for this newbie question.
Cheers,
Diego