Subject Re: [firebird-support] Bingo! No real security there.
Author Ann W. Harrison
Johan van Zyl wrote:
> The FireBird security issue has been reaised many times in the Clarion NG's.
> I came to this forum, where the FIrebird experts hang out, to get some peace
> of mind, and report back to the Clarion community.

That's fine and reasonable. The answer to the question is that yes, you
can use the embedded engine to access any database, but the client
running the application has to have read write permissions to the
database file. With those permissions, the client could do anything -
with or without the embedded engine. The embedded engine can't open a
database that's already open with SuperServer.

For databases where security is important, the database file should be
accessible only by the firebird account or firebird group.