| Subject | Re: [firebird-support] SQL user management in FB 2.5 |
|---|---|
| Author | Tomasz Tyrakowski |
| Post date | 2011-10-03T21:18:26Z |
Dear Helen,
Thank you for the clarification. I think this particular user ("IS") was
added by our customer in FB 1.0.3, but that's irrelevant. And yes, we've
been upgrading the security database along the servers, sticking to
dialect 1 for the main databases for lack of a good enough reason to
make the effort of migrating to dialect 3 (600k lines of Delphi code to
scrutinize, plus about 40 databases with average size of 20GB to
transfer to a new structure and a lot of triggers and stored procedures
to verify).
I'm not sure I understand your question regarding unquoted "special"
users in our security databases. The scenario is simple and can be
repeated easily with the current version of FB. Just create a weird
user, say IS ;), using gsec (or services). Then you can't do anything
with that user if you issue the ALTER USER statements being logged in to
a dialect 1 database, while everything works fine if you're logged in to
a dialect 3 database (despite the fact that you're actually working with
the very same security DB). Now at least, thanks to your hints, I fully
understood why that's the case, and I admit I forgot that quoting of DB
objects requires dialect 3.
In fact, the previous sentences suggest a simple workaround: create an
empty dialect 3 database and make your app attach to it just to execute
CREATE/ALTER/DROP USER safely (with quoted user names). The server
doesn't care which DB you're working on anyway - it's the dialect that
matters.
thanks again
Tomasz
Thank you for the clarification. I think this particular user ("IS") was
added by our customer in FB 1.0.3, but that's irrelevant. And yes, we've
been upgrading the security database along the servers, sticking to
dialect 1 for the main databases for lack of a good enough reason to
make the effort of migrating to dialect 3 (600k lines of Delphi code to
scrutinize, plus about 40 databases with average size of 20GB to
transfer to a new structure and a lot of triggers and stored procedures
to verify).
I'm not sure I understand your question regarding unquoted "special"
users in our security databases. The scenario is simple and can be
repeated easily with the current version of FB. Just create a weird
user, say IS ;), using gsec (or services). Then you can't do anything
with that user if you issue the ALTER USER statements being logged in to
a dialect 1 database, while everything works fine if you're logged in to
a dialect 3 database (despite the fact that you're actually working with
the very same security DB). Now at least, thanks to your hints, I fully
understood why that's the case, and I admit I forgot that quoting of DB
objects requires dialect 3.
In fact, the previous sentences suggest a simple workaround: create an
empty dialect 3 database and make your app attach to it just to execute
CREATE/ALTER/DROP USER safely (with quoted user names). The server
doesn't care which DB you're working on anyway - it's the dialect that
matters.
thanks again
Tomasz
On 2011-10-03 22:30, Helen Borrie wrote:
> At 08:32 AM 4/10/2011, Tomasz Tyrakowski wrote:
>> Hi guys,
>>
>> Have you managed to make the statement
>>
>> alter user IS grant admin role
>>
>> work? Or any other alter/create user with an SQL keyword as the user name?
>> If anybody happened to read somewhere that it's downright impossible,
>> please post a link so that other people stop wasting their time searching.
>
> Let's put it this way: it *shouldn't* be possible with a Dialect 1 database. Reason: IS is a reserved word in Fb 2.5. The only way to refer to that identifier in SQL would be to double-quote it. The double-quote feature is not supported in Dialect 1.
>
> The interesting part is how you managed to have this identifier existing unquoted in your v.11.2 security database. The only way I can think of is that it has been progressively upgraded as a Dialect 1 database since IB 4 times.
>
> ./hb
>
>
--
__--==============================--__
__--== Tomasz Tyrakowski ==--__
__--== SOL-SYSTEM ==--__
__--== http://www.sol-system.pl ==--__
__--==============================--__