| Subject | RE: [firebird-support] Telling if SYSDBA is logged on |
|---|---|
| Author | Helen Borrie |
| Post date | 2004-12-12T01:14:56Z |
At 11:33 AM 12/12/2004 +1100, you wrote:
inside the session that needs to, or does, validate your login against
security.fdb. Sure, permissions will be accessed; but permissions don't
care whether a user exists in security.fdb or not.
About the one thing I can think of that deleting a user whilst that user is
logged in would be the case where the application had to log in to another
database for a cross-database transaction, after the user had been deleted.
have a slight problem...since only SYSDBA (and no other) can modify
security.fdb or transfer SYSDBA's database-level privileges to another
user. Make a backup of your security.fdb and try it for yourself.
./hb
>yes - I was thinking that there was a possibility that someone could changeIt's possible; but once you are logged in ro your session, there's nothing
>the username SYSDBA to something else. But I see now that that's not
>possible (?).
inside the session that needs to, or does, validate your login against
security.fdb. Sure, permissions will be accessed; but permissions don't
care whether a user exists in security.fdb or not.
About the one thing I can think of that deleting a user whilst that user is
logged in would be the case where the application had to log in to another
database for a cross-database transaction, after the user had been deleted.
>You are told in GSEC docs that you have to delete a user and re-create oneNo exception. If you are SYSDBA you can delete SYSDBA and thereafter you
>if you ever want to change a username. I have never tried it but I imagine
>that you get an exception if you ever tried to delete SYSDBA?
have a slight problem...since only SYSDBA (and no other) can modify
security.fdb or transfer SYSDBA's database-level privileges to another
user. Make a backup of your security.fdb and try it for yourself.
./hb