| Subject | DDL privileges in FB 2.5 |
|---|---|
| Author | opher_shachar |
| Post date | 2010-12-04T09:38:20Z |
Hello all,
I'm currently evaluating and learning Firebird. Previously I developed for MSDE/MSSQL Express.
I've downloaded & installed FB v2.5 .
Went through the Quickstart guide and some docs...
and it seems FB out-of-the-box allows for some things I've come to consider security basics:
1. Any user can create a database.
2. Any user defined in FB can attach to any database and query the meta-data (RDB$* tables).
3. There are no privileges for DDLs, ie. any user can create tables in any database.
While perhaps the first issue can be mitigated by using aliases and DatabaseAccess = None,
the second with a database attach trigger,
I couldn't figure out how to overcome the third issue.
Am I missing something here? Or is this really the state of things?
Thanks,
Opher.
I'm currently evaluating and learning Firebird. Previously I developed for MSDE/MSSQL Express.
I've downloaded & installed FB v2.5 .
Went through the Quickstart guide and some docs...
and it seems FB out-of-the-box allows for some things I've come to consider security basics:
1. Any user can create a database.
2. Any user defined in FB can attach to any database and query the meta-data (RDB$* tables).
3. There are no privileges for DDLs, ie. any user can create tables in any database.
While perhaps the first issue can be mitigated by using aliases and DatabaseAccess = None,
the second with a database attach trigger,
I couldn't figure out how to overcome the third issue.
Am I missing something here? Or is this really the state of things?
Thanks,
Opher.