| Subject | Re: [firebird-support] Firebird sysdba account |
|---|---|
| Author | Niben M Singh |
| Post date | 2008-08-14T13:13:16Z |
This is what I have tried.
1. Created new user/password using gsec.
2. Created new database using the new user as the owner.
But, I can still connect to this new database using SYSDBA/masterkey credential. Am I missing anything?
Niben
1. Created new user/password using gsec.
2. Created new database using the new user as the owner.
But, I can still connect to this new database using SYSDBA/masterkey credential. Am I missing anything?
Niben
--- On Thu, 8/14/08, Thomas Steinmaurer <ts@...> wrote:
From: Thomas Steinmaurer <ts@...>
Subject: Re: [firebird-support] Firebird sysdba account
To: firebird-support@yahoogroups.com
Date: Thursday, August 14, 2008, 12:48 AM
> ----- Original Message -----
> From: "Alexandre Benson Smith" <iblist@thorsoftware .com.br>
>> The problem with encryption is that you have to store the key on some
>> place (inside the aplication ?) not a so secure approach either.
>>
>> Another point is.. you will have problems to do inequality search with
>> encrypted data.
>>
>> There is no easy way to protect the data when one has physical access to
>> the database file.
>
> I understand that now, but what is the "proper" way to grant an application
> access to the database? At the moment I have the default sysdba password
> hardcoded in my app, but if the user changes their sysdba password, which
> most people with Firebird really should for security, then they cannot
> access my application.
Pretty simple, don't use SYSDBA as owner for deployment!! !
http://blog. upscene.com: 8080/thomas/ index.php? entry=entry08073 0-233217
> Is the "proper" way to grant an application access to the database to use
> the sysdba user, or is it to create a new user in the Firebird security
> database (and if so can you do that the first time the application is run
> when a person installs the application) ?
Create your own application user which is the owner of the database and
the owner of tables, views, stored procedures.
You can create a new user with gsec or the services api, but here, you
need again SYSDBA, so it's some kind of chicken/egg problem. ;-)
--
Best Regards,
Thomas Steinmaurer
LogManager Series - Logging/Auditing Suites supporting
InterBase, Firebird, Advantage Database, MS SQL Server and
NexusDB V2
Upscene Productions
http://www.upscene. com
My blog:
http://blog. upscene.com/ thomas/
[Non-text portions of this message have been removed]