Subject Re: User level database logins
Author Adam
--- In, "rodbracher" <rod@m...> wrote:
> Hi
> I want to have users login on a database level for enhanced auditing
> with the IBLogmanager tool.
> Problem is - if I grant rights to these users, they can download any
> tool - like EMS Manager and login. They can view all datastructures
> etc. Is there some way of users not being able to view metadata?
> I have thought of encryption - so the users login name drills down to
> some other name in ISC4.GDB. This would just mean un-encrypting to get
> readable user logged activity.


The main problem with encryption is that you need to secure the key or
it is useless. Also, given Firebird is open source, a malicious person
could quite easily compile there own custom build of the database
which does not include this encryption.

The easiest work around is to write your own wrapper program for gsec,
and first hash the users password before sending it to gsec. Then the
user does not know their true Firebird password.