Subject | Security Issues .:. Execute Statement |
---|---|
Author | Sérgio Marcelo @ Smace .com . br |
Post date | 2004-08-13T20:08:14Z |
Subject: Security Issues
I am a Newbie. Please, be patient with me! :)
I have 6 doubts about using Firebird.
1) How do I allow a user to only have access to just some folders in the Firebird server?
i.e. User GUEST1 only may have access to: C:\DB\GUEST1.
i.e. User GUEST2 only may have access to: C:\DB\GUEST2 and C:\DB\Group2.
I know already the variable "DatabaseAccess" but it hasn't solved it.
2) How do I log/get the IP of USERS logged in the database?
3) How do I prevent a user from changing the Database Structure of a specific database, i.e. not allowing him to create new tables, triggers, domains etc.? Using views?
4) "Execute Statement" seems to be very dangerous, since all users may change the DB structure.
I was thinking about one situation, if we create one view and in this view Execute one SP like this:
SP.... If (User = 'SYSDBA' OR User='SMACE') then EXECUTE STATEMENT 'DROP TBLX;'; ... END;
If the SYSDBA or any other powerful user sees this view, the "execute statement" will be triggered.
In this SP/Trigger we may clear our path (if we're SYSDBA). I've done it already, and it seems to work.
So, does anybody have more info about it? Am I wrong? Please, say yes! =)
5) How do I prevent some specific users from viewing the full structure of my databases?
please, don't tell me to create one view of each table...
Sorry for my basic English. It's all for now.
Thank you for having read up to here.
Sérgio Marcelo
smace@...
ICQ # 127.683.347
[Non-text portions of this message have been removed]
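
A review query set for the concern raised in point 4, added here as an example and not part of the original post: it lists the stored procedures and triggers whose stored source mentions EXECUTE STATEMENT, and the objects that depend on those procedures, so they can be read before being run under a privileged account. It assumes the standard Firebird system tables (RDB$PROCEDURES, RDB$TRIGGERS, RDB$DEPENDENCIES) and is meant to be run in isql by the database owner or SYSDBA.

```sql
-- Added example (not from the original post).
-- Matching on both words separately tolerates line breaks or extra spaces
-- between EXECUTE and STATEMENT, at the cost of some false positives.
-- CONTAINING is case-insensitive.

-- 1) Stored procedures whose source mentions EXECUTE ... STATEMENT.
SELECT p.RDB$PROCEDURE_NAME AS PROCEDURE_NAME,
       p.RDB$OWNER_NAME     AS OWNER_NAME
FROM RDB$PROCEDURES p
WHERE p.RDB$PROCEDURE_SOURCE CONTAINING 'EXECUTE'
  AND p.RDB$PROCEDURE_SOURCE CONTAINING 'STATEMENT';

-- 2) User-defined triggers whose source mentions EXECUTE ... STATEMENT.
SELECT t.RDB$TRIGGER_NAME  AS TRIGGER_NAME,
       t.RDB$RELATION_NAME AS ON_RELATION
FROM RDB$TRIGGERS t
WHERE COALESCE(t.RDB$SYSTEM_FLAG, 0) = 0
  AND t.RDB$TRIGGER_SOURCE CONTAINING 'EXECUTE'
  AND t.RDB$TRIGGER_SOURCE CONTAINING 'STATEMENT';

-- 3) Objects that depend on the procedures found in (1).
--    RDB$DEPENDENT_TYPE: 1 = view, 2 = trigger, 5 = procedure.
--    RDB$DEPENDED_ON_TYPE = 5 restricts the match to procedures.
SELECT d.RDB$DEPENDENT_NAME   AS DEPENDENT_OBJECT,
       d.RDB$DEPENDENT_TYPE   AS DEPENDENT_TYPE,
       d.RDB$DEPENDED_ON_NAME AS PROCEDURE_NAME
FROM RDB$DEPENDENCIES d
JOIN RDB$PROCEDURES p
  ON p.RDB$PROCEDURE_NAME = d.RDB$DEPENDED_ON_NAME
WHERE d.RDB$DEPENDED_ON_TYPE = 5
  AND p.RDB$PROCEDURE_SOURCE CONTAINING 'EXECUTE'
  AND p.RDB$PROCEDURE_SOURCE CONTAINING 'STATEMENT';

-- 4) Procedures and user triggers with no stored source text.
--    Queries (1)-(3) cannot see inside these, so list them separately
--    and treat them as unreviewed.
SELECT 'PROCEDURE' AS OBJECT_TYPE, p.RDB$PROCEDURE_NAME AS OBJECT_NAME
FROM RDB$PROCEDURES p
WHERE p.RDB$PROCEDURE_SOURCE IS NULL
UNION ALL
SELECT 'TRIGGER', t.RDB$TRIGGER_NAME
FROM RDB$TRIGGERS t
WHERE COALESCE(t.RDB$SYSTEM_FLAG, 0) = 0
  AND t.RDB$TRIGGER_SOURCE IS NULL;
```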