> Hi,
>
> I have a machine installed firebird services. I created a database
> using the command:
>
> CREATE DATABASE 'DEVSVR:d:\mydb.fdb'
> USER 'SYSDBA' PASSWORD 'ABC123456'
> PAGE_SIZE 16384
> DEFAULT CHARACTER SET UNICODE_FSS;

This bit I'm suspicious of - I can't do this unless the password in correct.
Can you check this again?

>
> In gsec I can only connect to it by password "masterkey", instead of
> mydb.fdb password "ABC123456".

correct.

>
> gsec -user sysdba -password masterkey d:\mydb.fdb -->pass
> gsec -user sysdba -password ABC123456 d:\mydb.fdb -->fail
>

correct

> I believe gsec is connecting in superserver mode, while the same
> problem happens for embedded mode.
>

embedded connections bypass all security by design. security is totally left
to you an the OS in this mode.

> But on a machine *without* firebird service, when connecting to
> mydb.fdb in embedded mode, and the password of 'ABC123456' works.

correct because security is bypassed in embedded.

>
> Since on superserver, the database password 'ABC123456' is bypassed,
> is this a security glitch?
>

no

> Thanks,
> Sean
>

Alan