| Subject | Re: [firebird-support] Define users |
|---|---|
| Author | Paul Vinkenoog |
| Post date | 2004-06-28T13:43:22Z |
Hi Alfred,
security database. You always want to change SYSDBA's password to
something other than 'masterkey'. SYSDBA's password should not be
known to ordinary users.
If you create a new database, you always have to connect to the server
first, and make yourself known with a valid username and password.
'Valid' meaning here that the user must exist in Firebird's security
database, which is not the same as existing as a user on the computer
system.
When the database is created, that user becomes owner of the database.
Other users can connect to the database but have no access to the data
unless you explicitly grant them such access. So, by managing users on
the Firebird server and managing access rights in the databases, you
control who has access to which database (or even to which objects in
a database, and if they have read-only access, read-write, etc.)
SYSDBA however has access to all databases. That's why you don't want
that password to be known all over the place!
For more information, please have a look at:
Operations Guide, chapter: Database Security
Data Definition Guide, chapter: Planning Security
If you don't have those docs, you can pick them up here:
http://www.firebirdsql.org/index.php?op=doc&id=userdoc
(under "InterBase 6 manuals").
Greetings,
Paul Vinkenoog
> I am still trying to find a way to host secure and unsecureSYSDBA and other users are defined server-wide, in the so-called
> databases on one machine. The unsecure databases uses the
> SYSDBA/masterkey combination. Can I drop the SYSDBA user from a new
> DB and define a new user in its place? Or can I revoke all rights
> from the SYSDBA user?
security database. You always want to change SYSDBA's password to
something other than 'masterkey'. SYSDBA's password should not be
known to ordinary users.
If you create a new database, you always have to connect to the server
first, and make yourself known with a valid username and password.
'Valid' meaning here that the user must exist in Firebird's security
database, which is not the same as existing as a user on the computer
system.
When the database is created, that user becomes owner of the database.
Other users can connect to the database but have no access to the data
unless you explicitly grant them such access. So, by managing users on
the Firebird server and managing access rights in the databases, you
control who has access to which database (or even to which objects in
a database, and if they have read-only access, read-write, etc.)
SYSDBA however has access to all databases. That's why you don't want
that password to be known all over the place!
For more information, please have a look at:
Operations Guide, chapter: Database Security
Data Definition Guide, chapter: Planning Security
If you don't have those docs, you can pick them up here:
http://www.firebirdsql.org/index.php?op=doc&id=userdoc
(under "InterBase 6 manuals").
Greetings,
Paul Vinkenoog