Subject Re: [firebird-support] Embedded and "security"
Author Helen Borrie
At 11:53 PM 30/05/2007, you wrote:
>Hello
>
>I'm very, very new to Firebird, I'm still trying to figure out what
>version I should use. At first I thought the embedded version was
>just what I needed, since I will only have direct access to the
>database from the same computer as where the database file is located.
>I would then benefit from a small and easy distribution.
>But I would also like just a little security, so that not anybody who
>has access to the database file could read it by logging in as sysdba
>and a dummy password.

They don't have to log in at all - the server code is embedded in the
client instance and server-level authentication is bypassed. They
only have to load the DLL.

>Is there any good or even bad protection to be made when using the
>embedded version?

Well, you can (and should) apply SQL privileges to all of your
objects. You will have to concoct a way for the appropriate user
name[s] and role[s] to be passed as a connection parameter without
hard-coding. If you are passing SYSDBA as the user name, though, you
might as well not bother. SYSDBA has full destructive privileges for
everything.

As far as Firebird is concerned, your database is a database. To the
rest of the Windows environment, it is just a file. If you want to
keep network intruders away from the database, put it in a directory
that can only be accessed by the Windows user that runs your
application. If the machine is on a network, prevent the directory
from being shared in any way. Provide similar protection for backup files.

And physically protect the machine if you don't want to invite
unauthorised people to get into it.

./heLen
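
An added example, not part of the original message: one way to apply the directory advice above from an elevated PowerShell prompt, then check that no file share exposes the folder. The path `C:\ProgramData\ExampleApp\data` and the account `appuser` are hypothetical placeholders, and keeping SYSTEM and Administrators on the ACL is an assumption made here so that maintenance and backups still work.

```powershell
# Assumed values, not from the original message; adjust to your installation.
$DbDir   = 'C:\ProgramData\ExampleApp\data'   # hypothetical folder holding the database file
$AppUser = "$env:COMPUTERNAME\appuser"        # hypothetical account that runs the application

# Assumption: SYSTEM and Administrators keep access for maintenance (English account names).
# Delete those two entries to grant access to the application account alone.
$grants = @(
    @{ Identity = $AppUser;                 Rights = 'Modify' }
    @{ Identity = 'NT AUTHORITY\SYSTEM';    Rights = 'FullControl' }
    @{ Identity = 'BUILTIN\Administrators'; Rights = 'FullControl' }
)

# Start from an empty ACL and block inheritance, so that broad entries such as
# BUILTIN\Users inherited from the parent folder do not reach the database file.
$acl = New-Object System.Security.AccessControl.DirectorySecurity
$acl.SetAccessRuleProtection($true, $false)   # protected = yes, keep inherited entries = no

foreach ($g in $grants) {
    $rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
        $g.Identity, $g.Rights,
        'ContainerInherit, ObjectInherit',    # applies to files and subfolders as well
        'None', 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $DbDir -AclObject $acl

# Show the resulting entries; every line should read IsInherited = False.
(Get-Acl -Path $DbDir).Access |
    Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize

# Report any non-administrative SMB share rooted at this folder or at a parent
# of it. Administrative shares such as C$ are skipped.
$target = $DbDir.TrimEnd('\') + '\'
$exposing = Get-SmbShare | Where-Object {
    -not $_.Special -and $_.Path -and
    $target.StartsWith($_.Path.TrimEnd('\') + '\', [StringComparison]::OrdinalIgnoreCase)
}
foreach ($s in $exposing) {
    Write-Warning "Share '$($s.Name)' ($($s.Path)) exposes $DbDir"
}
if (-not $exposing) { Write-Output "No user-defined share exposes $DbDir" }
```

Run the same steps against the folder that holds the backup files.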