Subject Re: [firebird-support] Firebird - no security??? Seems unbelievable....
Author Fabricio Araujo
neighbour.kerry escreveu:
> I have been using Firebird 2.1 for some time now (developing in Delphi
> 7). It is now time to start putting the system with customer's. So I
> want to add access control and passwords, etc.
> It seems that this is not possible, and I am puzzled. Even MSAccess can
> do this.
> I know how to change the SYSDBA password (using GSEC, etc). I can and
> have done this ok.
> There are two problems with this - at least.
> 1. This password is for ALL databases. So the password is for the
> server, not the databases.

Hmmm... The same for MSSQL, the login is the same for the whole server,
the dbuser is just a pointer to the login.

> 2. all someone has to do is copy a passworded database to another server
> - with a password that they know - and they are in! Seems rather
> pointless using passwords at all.

huh? If you do the same with SQL Server, and make a detach and attach a
dbfile on Server you control all access is granted.
Protecting the db file is something you must do.

> >From reading this forum, I see that the only real way to put any sort
> of access control is to use Roles. But if you login as SYSDBA, what is
> the point? Surely Roles are not relevant then?

If you log with sa on MSSQL(or a user with sysadmin server role
assigned) you are almighty as in FB...

> If I have this all wrong, then please feel free to clear me up!