| Subject | RE: [firebird-support] Security Issues .:. Execute Statement |
|---|---|
| Author | Alan McDonald |
| Post date | 2004-08-14T05:56:05Z |
Unlike MySQL, Firebird never lists the available databases at the server.
Use aliases to completely defeat even the granted user from knowing the
physical location of the database they are using.
But there is no stopping a user who is granted access to the server and then
access to the database, from making metadata additions. That user will thus
be the owner of those additions and will thus have the permission to delete
those additions or modify them. That user will also have the ability to
grant the use of those additions to others.
That same user will only have the ability to access other objects to which
he/she has been granted access to. You can simply deny that user from
accessing anything on a database if you want.
Alan
Use aliases to completely defeat even the granted user from knowing the
physical location of the database they are using.
But there is no stopping a user who is granted access to the server and then
access to the database, from making metadata additions. That user will thus
be the owner of those additions and will thus have the permission to delete
those additions or modify them. That user will also have the ability to
grant the use of those additions to others.
That same user will only have the ability to access other objects to which
he/she has been granted access to. You can simply deny that user from
accessing anything on a database if you want.
Alan