Subject Re: [firebird-support] Firebird security, another way
Author Geoff Worboys
> my only problem is the SYSDBA account, it's the only weakness
> of security, but as one cannot remove the SYSDBA user, my
> database remains accessible to all that can copy my fdb file
> despite username and password!

SYSDBA is not the only weakness. The weakness is any direct
access to the database file. If I can read your database file
I don't need SYSDBA - I can always just recompile the FB source
to let me read the data directly, bypassing the security
database completely.


> As another approach, can anyone tell me if there exists a trigger or
> event, when a user connects to the database, that calls a script?
> This simple way allows protecting all fdb files from any
> intrusion!!!! With this simple connect function I have the
> solution to efficiently protect my fdb files

See above. I just run a copy of FB that does not call the
event - or any of many other ways. If I want to see your
metadata, or the users data, all I need is access to the file.

Don't get fooled by the various sorts of "security" you see
on other products. If there is not a private encryption key
involved that must be manually (or hardware) provided every
time the server opens the database, then the best you are
hoping for is security by obscurity.


Encryption is the only way to give you the sort of security
that you seem to be looking for and my previous email discusses
the problems involved.


--
Geoff Worboys
Telesis Computing
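
The reply above makes the database file itself the asset to guard. As an added example (not part of the original message and not Firebird code), this script reports `.fdb` files whose POSIX permissions let accounts other than the owner reach them. It assumes a Unix-like server and that the file's owner is the account the Firebird server runs as.

```python
import os
import stat
import sys


def audit_db_file(path):
    """Return a list of findings for one database file (empty list = none found)."""
    findings = []
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    if mode & stat.S_IROTH:
        findings.append("file is readable by every local user")
    if mode & stat.S_IRGRP:
        findings.append("file is readable by group gid=%d" % st.st_gid)
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("file is writable by accounts other than its owner")
    # The containing directory decides whether other accounts can reach the file.
    parent = os.path.dirname(os.path.abspath(path))
    pmode = stat.S_IMODE(os.stat(parent).st_mode)
    if pmode & stat.S_IXOTH:
        findings.append("directory %s can be traversed by every local user" % parent)
    return findings


def audit_tree(root, suffixes=(".fdb",)):
    """Walk root and audit every file whose name ends in one of suffixes."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(suffixes):
                full = os.path.join(dirpath, name)
                report[full] = audit_db_file(full)
    return report


if __name__ == "__main__":
    # Usage: python audit_fdb.py /path/to/databases  (script name is hypothetical)
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    exposed = {p: f for p, f in audit_tree(root).items() if f}
    for path, findings in sorted(exposed.items()):
        for finding in findings:
            print("%s: %s" % (path, finding))
    sys.exit(1 if exposed else 0)
```

A clean report only covers local permission bits; it says nothing about backups, file shares or anyone with root on the host, all of whom still have the direct file access the reply warns about.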