| Subject | Re: database users question |
|---|---|
| Author | Adam |
| Post date | 2007-10-22T21:19:27Z |
--- In firebird-support@yahoogroups.com, "martinknappe" <martin@...>
wrote:
You have keys to enter your house, no? How potentially insecure. If a
thief was to get hold of your keys, they could enter your house and
have access to belongings they may not be authorised to have.
The question beckons:
Why do your users have any file system access to the database file?
The Quick Start Guide and practically every similar document I have
seen explicitly advise you against such a practice.
Adam
wrote:
>Well of course!
> --- In firebird-support@yahoogroups.com, Michael Weissenbacher
> <mw@> wrote:
> >
> > Hi,
> > > would user 'martin' on machine 2 have the same access rights
> > short answer: yes
>
> that's interesting; i have always asked myself that question.
> isn't that a potential security problem? after all, as soon as someone
> gets their hands onto a database file and gets to copying that file
> unto their own machine and setting up the user name of someone whose
> data they want access to, they would be able to see all the data they
> might not be authorised to see!
You have keys to enter your house, no? How potentially insecure. If a
thief was to get hold of your keys, they could enter your house and
have access to belongings they may not be authorised to have.
The question beckons:
Why do your users have any file system access to the database file?
The Quick Start Guide and practically every similar document I have
seen explicitly advise you against such a practice.
Adam