| Subject | Re: [firebird-support] How do I prevent non-SYSDBA user from seeing DB structure? |
|---|---|
| Author | Ann W. Harrison |
| Post date | 2008-11-09T16:34:49Z |
Zd wrote:
database is done with the access rights gained on login. If
the user couldn't read the metadata, no queries could be compiled.
However, you can delete the source of your procedure and keep
only the "blr" format of it which is harder to read. But
basically, storing the sysdba password in the database is not
clever. There's a good paper on securing metadata which I
can't find at the moment. I'm sure someone will post a link
to it.
Best
>You can't. By design, all aspects of the user's access to the
>
> Now the user can't read or modify any data, but it can see
> database metadata! The biggest problem is that the new user
> sees the code of my stored procedure, which has the SYSDBA
> password built-in!
>
> So the question is:
> How do I revoke the new user's rights to see database metadata?
>
database is done with the access rights gained on login. If
the user couldn't read the metadata, no queries could be compiled.
However, you can delete the source of your procedure and keep
only the "blr" format of it which is harder to read. But
basically, storing the sysdba password in the database is not
clever. There's a good paper on securing metadata which I
can't find at the moment. I'm sure someone will post a link
to it.
Best