| Subject | Re: [firebird-support] Re: database users question |
|---|---|
| Author | Doug Chamberlin |
| Post date | 2007-10-22T20:47:45Z |
At 04:45 PM 10/22/2007, martinknappe wrote:
Some products provide facilities to hinder this but most are flawed enough
to be thwarted.
In the end once you have physical possession of the data you have access to it.
>that's interesting; i have always asked myself that question.Yes, and that situation exists for any RDBMS right out of the box.
>isn't that a potential security problem? after all, as soon as someone
>gets their hands onto a database file and gets to copying that file
>unto their own machine and setting up the user name of someone whose
>data they want access to, they would be able to see all the data they
>might not be authorised to see!
Some products provide facilities to hinder this but most are flawed enough
to be thwarted.
In the end once you have physical possession of the data you have access to it.