Subject | Re[2]: [firebird-support] Real problem with permissions |
---|---|
Author | André Knappstein, Controlling |
Post date | 2008-06-30T12:47:18Z |
> The table is only created by my app using committed isolation. The customer
> can access the database using Lotus Notes and ODBC, could it be possible
> that this is causing a problem?
My understanding of Firebird is too limited to create the full horror
scenario, but looking at all the settings a user can make in an ODBC
DSN I think that he can probably do a lot of damage as well.
>> It is by the way fairly easy to create a mapping "windows
>> user/application user/database user". That way you would not
>> only have user "PAUL" logged in, and could make use of some
>> wonderful monitoring/logging functions.
>>
> I assume that if I did that the customer system admin could be in control of
> database access - which I wouldn't want.
He in any case has that control, if he wishes, unless you came up with
a pretty tough installation involving encryption and other things.
I usually have my application log-in with a restricted "PAUL" as well,
but the only thing you can do with that log-on is to read the
encrypted mappings of windows user names to application user names to
Firebird user names.
That security is not too high, but I won't need higher around here,
and it enables me to use monitoring and logging functions related to
each user/machine.
The remote admin can always copy the database to another server where
he is the SYSDBA. Even if you blocked the SYSDBA access this will
practically give him enough time to decipher everything. But it's
always good to keep a remote admin believing that he either CANnot do
anything, or that it would be awfully dangerous if he did :)
I have the privilege of being the only admin for my application and
for the database and for the network...
ciao,
André