Subject | Re: [firebird-support] Firebird - no security??? Seems unbelievable.... |
---|---|
Author | Fabricio Araujo |
Post date | 2009-11-19T03:45:02Z |
neighbour.kerry escreveu:
the dbuser is just a pointer to the login.
dbfile on Server you control all access is granted.
Protecting the db file is something you must do.
assigned) you are almighty as in FB...
>Hmmm... The same for MSSQL, the login is the same for the whole server,
>
> I have been using Firebird 2.1 for some time now (developing in Delphi
> 7). It is now time to start putting the system with customer's. So I
> want to add access control and passwords, etc.
>
> It seems that this is not possible, and I am puzzled. Even MSAccess can
> do this.
>
> I know how to change the SYSDBA password (using GSEC, etc). I can and
> have done this ok.
>
> There are two problems with this - at least.
>
> 1. This password is for ALL databases. So the password is for the
> server, not the databases.
the dbuser is just a pointer to the login.
>huh? If you do the same with SQL Server, and make a detach and attach a
> 2. all someone has to do is copy a passworded database to another server
> - with a password that they know - and they are in! Seems rather
> pointless using passwords at all.
dbfile on Server you control all access is granted.
Protecting the db file is something you must do.
>If you log with sa on MSSQL(or a user with sysadmin server role
> >From reading this forum, I see that the only real way to put any sort
> of access control is to use Roles. But if you login as SYSDBA, what is
> the point? Surely Roles are not relevant then?
assigned) you are almighty as in FB...
>
> If I have this all wrong, then please feel free to clear me up!