Subject DDL privileges in FB 2.5
Author opher_shachar
Hello all,
I'm currently evaluating and learning Firebird. Previously I developed for MSDE/MSSQL Express.
I've downloaded & installed FB v2.5 .
Went through the Quickstart guide and some docs...
and it seems FB out-of-the-box allows for some things I've come to consider security basics:

1. Any user can create a database.
2. Any user defined in FB can attach to any database and query the meta-data (RDB$* tables).
3. There are no privileges for DDLs, ie. any user can create tables in any database.

While perhaps the first issue can be mitigated by using aliases and DatabaseAccess = None,
the second with a database attach trigger,
I couldn't figure out how to overcome the third issue.

Am I missing something here? Or is this really the state of things?