Subject | RE: [firebird-support] Embedded server/database security |
---|---|
Author | Alan McDonald |
Post date | 2005-01-28T03:37:55Z |
> Well, it's only correct if the tool is located in the application
> directory.

the tool doesn't have to be in the application directory. I use IBExpert
with the embedded server as the client library. I can therefore connect to
any database sitting anywhere locally without a local server running) AND
remotely to a server.

> It's not true if the database is installed on a
> machine that is
> running the Firebird "full" server

but Peter is referring to an embedded server app with an adjacent database.

> and Database Workbench (or some other
> tool) is installed out of reach of the embedded server library. The full
> server always requires a user name and password.
>
> It's also not true that the FDB that you ship has "no security
> whatsoever",

in the context of the database file floating around for any tom, dick or
harry to poke around inside it with any tool they fancy, I'm afraid "no
security whatsoever" is a more accurate description of reality.
If someone were wanting to look into the file, they wouldn't be thwarted by
a failed login via your application.

> unless you ship your FDB with no SQL privileges defined. Define
> privileges
> for a specific user name and/or role -- that is a variable in the
> application -- and pass this as part of the connection string. You can
> have the user "log in" using this username as her "password" and
> block any
> other username, including sysdba, from getting past your login
> prompt. Then, at least as far as the application is concerned, you lock
> out rogue users.
>
> (But it won't stop anyone who installs DB Wb or isql or whatever into the
> app directory, since they can use sysdba in their login and get access to
> everything. So write it into the contract that you won't take
> responsibility for security breaches resulting from user misbehaviour or
> sloppy site security).
>
> ./heLen

I don't know what you mean about it having to be installed in the
application directory. I have no such impediment to using the embedded
server on any file on my disk.
Alan