|Subject||Re: [firebird-support] Re: Firebird - no security??? Seems unbelievable....|
> Then log as this user and create role named SYSDBA, not by create role command, use direct access to RDB$ROLES and INSERT command. Name Your user as an owner of this role.But from security POV all this is useless as well. Yes, SYSDBA can't
> Now the only one user that can access database is Your user, SYSDBA cannot connect nor using embedeed server.
> It's very usefull to use Your own users, than SYSDBA, because You can fully controll the access of these users to database.
access this database anymore, but it will take a couple of minutes to
find out name of "Your user" and a minute later I will be logged in as
this user with full destructive power.
On the other hand, if I wish to destroy your data, I can save these
minutes and simply delete database file as whole.
As I already said - security battle is lost as soon as enemy has got
access to server. There is no DBMS which can survive after that.