| Subject | Re: [firebird-support] Embedded server security |
|---|---|
| Author | Martijn Tonies |
| Post date | 2005-11-28T14:29:33Z |
Hi,
check user names at all.
I must admit I'm surprised that SQL privileges work, given the "no user"
nature of embedded. But, as this seems to work, or at least, for a bit, you
could try to create a role SYSDBA by doing an INSERT into RDB$ROLES.
--
Martijn Tonies
Database Workbench - tool for InterBase, Firebird, MySQL, Oracle & MS SQL
Server
Upscene Productions
http://www.upscene.com
Database development questions? Check the forum!
http://www.databasedevelopmentforum.com
> Is it possible to disable access to an embedded database with theNo, you cannot disable that. As you have found out, Embedded doesn't
> SYSDBA account?
> Indeed it seems that with the embedded version of Firebird, you don't
> have to specify a password when you connect to the database (no use of
> security.fdb). Only SQL privilegies are checked. I've created a
> database with a specific username/password and I would like to use
> this database with an embedded server. However, with this embedded
> version, the SYSDBA user can always connect to the database and he's
> got all SQL privilegies! It can be a problem for the application I'm
> working on...
check user names at all.
I must admit I'm surprised that SQL privileges work, given the "no user"
nature of embedded. But, as this seems to work, or at least, for a bit, you
could try to create a role SYSDBA by doing an INSERT into RDB$ROLES.
--
Martijn Tonies
Database Workbench - tool for InterBase, Firebird, MySQL, Oracle & MS SQL
Server
Upscene Productions
http://www.upscene.com
Database development questions? Check the forum!
http://www.databasedevelopmentforum.com