Subject Re: user/pass directed to single .gdb file
Author Wisnu Widiarta
Dear Helen,

I really want to know, how to secure a firebird database from being opened by any user but from the application it self. If I distribute a desktop application with a single file Firebird database (not embedded), how to protect the database from being copied to another machine running Firebird with known sysdba password?

I have searched the question related with this subject, and only find this: http://stackoverflow.com/questions/685420/finding-a-legacy-firebird-interbase-database-password and also your posting here.

If the answer in that post was true, how to use desktop application with firebird database and forbid any user to open it using another machine? Or should I use other database like mySQL or PostgreSQL since it is currently not possible in Firebird?

PS: I use Delphi 2006 to develop the GUI.

-a newbie who really like firebird and delphi-

--- In firebird-support@yahoogroups.com, Helen Borrie <helebor@...> wrote:
>
> At 09:36 AM 5/03/2009, you wrote:
> >hello one and all,
> >
> >is there a way, like under gsec, to allow a user to be attached, directed, or allowed into only a single gdb file? this way when that user logs into the database with their username and password, that they are only allowed into that one database.
>
> Judicious use of SQL privileges, which are defined at database level, including roles. Never assign SQL privileges directly to users, only to roles. The roles defined in one database are unknown in other databases. Then, both user credentials and role will be required at login.
>
> User authentication is done at server level. If the login gets past the gate, the user can *access* any database. However, unless that user has permissions explicity assigned for objects within a particular database, it cannot access anything in it. (Currently, though, any authenticated user can create objects in any database and manipulate them subsequently.)
>
> The SYSDBA user (currently) can access any object in any database.
>
> ./heLen
>