Subject | Re: [firebird-support] Embedded and security |
---|---|
Author | Nando Dessena |
Post date | 2004-11-26T08:03:03Z |
Diego,
D> The security database (namely security.fdb) is not used
D> in the embedded server and hence is not required. Any
D> user is able to attach to any database. Since both
D> the server and the client run in the same address space,
D> the security becomes just an agreement between both
D> sides which can be easily compromised.
D> But note that SQL privileges are still checked.
D> Reading the first paragraph I think that anyone can connect to
D> an embedded database and then read/write to whatever table they
D> wish.
That's not what it says. The security database is only used for user
authentication, so what's missing in the embedded model is just that:
you can connect with whatever user name & password.
D> But the last line confuses me a little. What is the
D> difference between anyone being able to connect to the database and
D> then having SQL privileges checked? I apologise for this newbie
D> question.
The database stores privileges for users and roles on the database's
objects, so whatever user (and, optionally, role) you have used for
connection must have enough privileges to do what you need to do on
the database.
Example: let's say you have a database without any privileges defined
except for the default settings. You connect to it via fbembed with
user name SYSDBA; you get in with whatever password you wish, and you
can do anything because you're SYSDBA. Then you connect with user name
FOO; again you are allowed to log in whatever the password, but you
cannot do much because the database doesn't have any privilege
recorded for user FOO. Analogous examples can be produced for roles.
HTH
--
Nando Dessena
http://www.flamerobin.org
======================================================
I support Firebird, I am a Firebird Foundation member!
Join today at http://www.firebirdsql.org/ff/foundation
======================================================
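The SYSDBA/FOO scenario from the reply above, worked through as an isql script. This is an added example, not code from the original post or from the Firebird project; the database path, the table ACCOUNTS, the user names FOO and BAR and the role AUDITOR are all assumptions, and the passwords are deliberately arbitrary because, as the quoted text says, the embedded server does not consult security.fdb. The grants themselves are stored inside the database (RDB$USER_PRIVILEGES), which is why they survive even though no security database is involved.

```sql
-- Added example (not from the original post). Assumed: path C:\data\test.fdb,
-- table ACCOUNTS, users FOO and BAR, role AUDITOR. Run with isql against fbembed.

-- 1. SYSDBA gets in with any password under the embedded server and can do anything.
CONNECT 'C:\data\test.fdb' USER 'SYSDBA' PASSWORD 'ignored-by-embedded';

CREATE TABLE ACCOUNTS (
    ID      INTEGER NOT NULL PRIMARY KEY,
    BALANCE NUMERIC(15,2) NOT NULL
);
INSERT INTO ACCOUNTS (ID, BALANCE) VALUES (1, 100.00);
COMMIT;

-- 2. Record privileges in the database. The user FOO does not have to exist
--    in any security database; the grant is stored in this .fdb file.
GRANT SELECT ON ACCOUNTS TO USER FOO;

-- Role-based variant: BAR gets SELECT only through the AUDITOR role.
CREATE ROLE AUDITOR;
GRANT SELECT ON ACCOUNTS TO ROLE AUDITOR;
GRANT AUDITOR TO USER BAR;
COMMIT;

-- 3. Connect as FOO. Any password is accepted, but SQL privileges still apply.
CONNECT 'C:\data\test.fdb' USER 'FOO' PASSWORD 'anything-at-all';

SELECT ID, BALANCE FROM ACCOUNTS;          -- succeeds: SELECT was granted to FOO
UPDATE ACCOUNTS SET BALANCE = 0 WHERE ID = 1;  -- fails with a permission error: no UPDATE grant
INSERT INTO ACCOUNTS (ID, BALANCE) VALUES (2, 0); -- fails with a permission error: no INSERT grant
DELETE FROM ACCOUNTS WHERE ID = 1;         -- fails with a permission error: no DELETE grant
ROLLBACK;

-- 4. Connect as BAR. Role privileges are only active when the role is named at connect time.
CONNECT 'C:\data\test.fdb' USER 'BAR' PASSWORD 'anything-at-all';
SELECT ID, BALANCE FROM ACCOUNTS;          -- fails with a permission error: role not specified

CONNECT 'C:\data\test.fdb' USER 'BAR' PASSWORD 'anything-at-all' ROLE 'AUDITOR';
SELECT ID, BALANCE FROM ACCOUNTS;          -- succeeds: SELECT granted to AUDITOR
COMMIT;

-- 5. The catch the quoted text warns about: the client chooses the user name,
--    so the same process can simply reconnect as SYSDBA and bypass all of the above.
CONNECT 'C:\data\test.fdb' USER 'SYSDBA' PASSWORD 'still-ignored';
UPDATE ACCOUNTS SET BALANCE = 0 WHERE ID = 1;  -- succeeds
COMMIT;
```

The grants in steps 2 through 4 are useful for keeping an application honest with itself (a reporting module connected as FOO cannot accidentally write), but step 5 shows why they are not a boundary against anyone who controls the process: with fbembed the user name is asserted by the client, so the only real access control on the database is the file permissions of the .fdb file itself.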