Subject Re: [firebird-support] Re: Users can create anything?!?
Author Helen Borrie
At 11:29 PM 24/05/2005 +0000, Sam Hunt wrote:
> > "Users" are NOT normally allowed to log into the FB server.

Ummm...users can't "use" unless they log into the FB server.

> > Why are yours?
> > Your app should be providing appropriate privileges/access rights to
> > necessary data.
> >
>
>Because security should be the responsibility of the server, not a
>client application. I want to give users the freedom to use any FB
>client they want, IBOconsole, IB_SQL, ibWebAdmin or whatever.

While it's true that you can't prevent user JOEBLOW from creating his own
database objects, it's also true that JOEBLOW is the only user, other than
SYSDBA, who can do anything with those objects. Not even the database
owner has any privileges on those objects.

Of course, JOEBLOW has the right to grant privileges on his objects to
other users so, theoretically, JOEBLOW could be part of an enterprise-wide
conspiracy to blow your database out of the water by filling it up with
extraneous objects and then filling those objects with corrupt data that
will prevent the database from being restored, or to make DoS attacks on
the company systems by running rogue queries ad hoc.

So - you're quite right - don't deploy Firebird 1.x into organisations with
that kind of freedom in their culture.

./hb
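
Added example, not part of the original message: an audit a DBA could run as SYSDBA to see which objects were created by accounts other than the expected ones, and what those accounts have granted onward. It assumes the standard Firebird system tables RDB$RELATIONS, RDB$PROCEDURES and RDB$USER_PRIVILEGES; APPOWNER is a placeholder for the account that is supposed to own the schema.

```sql
-- Run as SYSDBA. 'APPOWNER' is a placeholder: substitute the account(s)
-- that are expected to own schema objects in this database.

-- 1. Tables and views owned by any other account.
--    RDB$SYSTEM_FLAG is 0 or NULL for user-created relations.
SELECT r.RDB$OWNER_NAME, r.RDB$RELATION_NAME
FROM RDB$RELATIONS r
WHERE (r.RDB$SYSTEM_FLAG = 0 OR r.RDB$SYSTEM_FLAG IS NULL)
  AND r.RDB$OWNER_NAME NOT IN ('SYSDBA', 'APPOWNER')
ORDER BY r.RDB$OWNER_NAME, r.RDB$RELATION_NAME;

-- 2. Stored procedures owned by any other account.
SELECT p.RDB$OWNER_NAME, p.RDB$PROCEDURE_NAME
FROM RDB$PROCEDURES p
WHERE p.RDB$OWNER_NAME NOT IN ('SYSDBA', 'APPOWNER')
ORDER BY p.RDB$OWNER_NAME, p.RDB$PROCEDURE_NAME;

-- 3. Privileges those accounts have granted to someone else.
--    The creator's own rights appear as rows where grantor = user,
--    so they are excluded here.
SELECT g.RDB$GRANTOR, g.RDB$USER, g.RDB$PRIVILEGE,
       g.RDB$RELATION_NAME, g.RDB$GRANT_OPTION
FROM RDB$USER_PRIVILEGES g
WHERE g.RDB$GRANTOR NOT IN ('SYSDBA', 'APPOWNER')
  AND g.RDB$USER <> g.RDB$GRANTOR
ORDER BY g.RDB$GRANTOR, g.RDB$RELATION_NAME, g.RDB$USER;
```

Empty result sets from all three statements mean no account outside the expected owners has created or shared objects in the database.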