I have a related question on this matter. The security.fdb is quiet
secure if the fbserver is running, but if when the fbserver is
shutdown, the security.fdb will then be replacabled.
1)Is there a way to secure the password and userid?
2)Data confidential is priority to users, I believe using
security.fdb as the db security access control is still not good
enough.
3)Can the security be set in the db itself instead of server base?


--- In firebird-support@yahoogroups.com, Helen Borrie <helebor@t...>
wrote:

> At 01:28 AM 31/05/2004 +0000, you wrote:
> >Is it possible to change a firebird user password from isql? I've

seen

> >references that it is possible with talk about a hash function

but the

> >only links I have found appear to be in Russian...
> >
> >C
>
> Are you sure you don't mean "hack"? You can log in to

security.fdb as

> SYSDBA and update the password field with an ordinary UPDATE
> statement...but the password stored will be in plain text, not
> encrypted. The FreeUDFLib has an external function that will

convert the

> clear input to the encrypted form using the same algorithm that is

used by

> gsec:
>
> declare external function f_IBPassword
> cstring(32)
> returns
> cstring(32) /* free_it */
> entry_point 'IBPassword' module_name 'FreeUDFLib.dll';
>
> If you want to understand the algorithm (and you understand

Pascal) you can

> look at the FreeUDFLib sources.
>
> But the question is, why would you want to use isql to modify

passwords,

> instead of gsec, which is designed for this purpose?
>
> /heLen