Subject Re: [firebird-support] How to let client to set user name
Author Helen Borrie
At 02:19 PM 23/01/2005 -0800, you wrote:

>Hello Developers,
>Before I post this my first message to the group, I
>spent quite amount of time searching the net but no
>success. Sorry if this is a -many times repeated-
>topic (since I'm quite new to FB):
>I created a simple delphi program which accesses to
>firebird DB thru the user_name that I setup using IB
>Expert. Everything works just fine, as expected. But
>I have no idea how to deploy to another machine with
>this or different user name. For example if you'd like
>to use my program how would you setup firebird
>username of your own or the one that I use?

The first thing to understand is that "users" in the database context are
users of the server, not of specific databases. For any user to get access
to a database, it must exist in security.fdb as a user of the Firebird
server. Then, any user can connect to any database. However, what the
user can *access* in that database depends on the SQL privileges that have
been set up *in the database*. Users, other than sysdba and the database
Owner (i.e. the server user that created the database, if other than
sysdba) have no privileges except those granted to them by object owners.

It's not usually a good idea to hard-code the user name or the password in
your application code. If you are deploying the application to different
sites, there's no way you can predict the users that the DBA will set
up. You can set up ROLEs in your DB to "package" sets of privileges, to
make the job of the DBA easier when installing your software and
database; but you will still need to supply a security application for the
sysdba to apply the local user accounts to the role.

Your end-user application should then require the clients to attach using
both the relevant role and their user name.

>Do you have to have IB Expert (or else?) for just defining

You can use a tool or you can write your own. Note that only the sysdba
user is allowed to create users; and writing your own security app does
provide a modicum of "security by obscurity". Of course, there is nothing
to stop a person with sysdba privileges from wrecking your database. Your
can't stop your customers doing stupid things but, if you *supply* (or
recommend) a destroy-all tool to your customer, you make yourself at least
partly responsible for any damage they do.

>I tried to copy my security.fdb file to target machine but didn't work.

It *can* work - at least, supplying a gbak of a "standard" security
database for your app and having your installer restore it over the top of
the one already installed on the server. DO NOT DO THIS unless you can be
absolutely certain that the site is not already using Firebird.

>Any clue would be greatly appreciated.

How you achieve what you need in Delphi depends a lot on the components you
have available. By far the simplest way to write an admin app is to use
the Services components, either those that come with Delphi 6 or higher, or
the IBOAdmin components if you are developing with IBObjects. The actual
coding of client programs is off-topic on this list, but both IBO and
FIBPlus have very active user lists.