Subject | Re: [firebird-support] Sysdba user and what they can do |
---|---|
Author | Mark Rotteveel |
Post date | 2009-04-07T18:32:28Z |
You might want to consider adding an application-level user-check as
well (verify the user credentials to a table specific to the application).
You have two options:
1) Always use the same database account in your application and only
verify application user credentials.
2) Make sure the database account and application user credentials are
in sync and use credentials to log in to the database and then also
verify the application credentials.
Option 1 is simpler (removes a lot of hassle and allows for easier
introduction of multiple user accounts). Downside is that the database
account needs to be either hardcoded or set in a configuration file.
Option 2 requires a bit more administration (especially keeping the data
in sync).
Mark
Stevio wrote:
> A while back we had a discussion on here regarding the sysdba user and
> creating a user for your application etc. I'm just looking for a bit of
> guidance now and to check I am going about things the right way.
>
> I have been updating the database used by my application to be owned by a
> specific user (e.g. "myfirebirduser"), not the sysdba user. However, if
> someone logs into my application as "sysdba" instead of "myfirebirduser",
> they can still use the application just as well as "myfirebirduser" and make
> changes to the database through the application.
>
> Is the best thing to do to write code into my application to prevent someone
> logging in as the sysdba user? (I know they could still use a database
> program to access the data but I want to force them, when using the app, to
> log in as "myfirebirduser".)
>
> Also, I have an existing database that I would like to change the owner and
> all the rights etc from "sysdba" to "myfirebirduser". I tried to do this
> before but didn't succeed. Can you recommend an application that I could use
> to do this and any advice about how to do it is appreciated.
>
> Thanks.
Mark Rotteveel
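
Option 1 from the reply above (one fixed database account, with application users checked against an application-specific table), as an added example that is not part of the original thread. It assumes an in-memory sqlite3 connection as a stand-in for the Firebird connection opened with the fixed account; the `app_users` table, the function names and the PBKDF2 parameters are hypothetical.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 200_000                # PBKDF2 work factor (assumed value)
BLOCKED_APP_LOGINS = {"SYSDBA"}     # database admin name is never accepted as an app login


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def create_schema(conn) -> None:
    conn.execute(
        "CREATE TABLE app_users ("
        "username TEXT PRIMARY KEY, salt BLOB NOT NULL, pw_hash BLOB NOT NULL)"
    )


def add_user(conn, username: str, password: str) -> None:
    name = username.strip().upper()  # normalise case so 'sysdba' and 'SYSDBA' match
    if name in BLOCKED_APP_LOGINS:
        raise ValueError("reserved account name")
    salt = os.urandom(16)
    conn.execute(
        "INSERT INTO app_users (username, salt, pw_hash) VALUES (?, ?, ?)",
        (name, salt, _hash(password, salt)),
    )


def verify_user(conn, username: str, password: str) -> bool:
    name = username.strip().upper()
    if name in BLOCKED_APP_LOGINS:
        return False
    row = conn.execute(
        "SELECT salt, pw_hash FROM app_users WHERE username = ?", (name,)
    ).fetchone()
    # Unknown users still cost one hash, so timing does not reveal which names exist.
    salt, stored = row if row else (b"\x00" * 16, b"")
    candidate = _hash(password, salt)
    return row is not None and hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    conn = sqlite3.connect(":memory:")  # stand-in for the fixed-account DB connection
    create_schema(conn)
    add_user(conn, "alice", "constructed-password")  # constructed sample user
    print(verify_user(conn, "alice", "constructed-password"), verify_user(conn, "sysdba", "x"))
```

This check only governs logins through the application; anyone holding the database account's credentials can still connect with another database tool.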