Subject RE: [firebird-support] Why does the embedded client require security2.fdb on mac?
Author Lee Graber
Hi Helen,
Thanks for your response and explanation. I forgot to mention that we are using 2.5.2. The interesting scenario that this lack of parity breaks on mac (but works on windows) is accessing the same read-only fdb in multiple local processes using embedded server. Because they use the security fdb, you can get concurrency errors if they both try to access the local fdb at the same time (security fdb is not read-only of course). I appreciate the explanation.


-----Original Message-----
From: [] On Behalf Of Helen Borrie
Sent: Thursday, April 17, 2014 3:48 PM
Subject: Re: [firebird-support] Why does the embedded client require security2.fdb on mac?

At 08:26 a.m. 18/04/2014, Lee Graber wrote:

>I took a look at the code and jrd/pwd.cpp has pretty much all the
>security contents commented out if EMBEDDED compiler definition is set.
>This seems to be inline with the docs which indicate that using
>embedded server doesn?t require username / pwd as all users have access
>if you have the fdb. This flag, -DEMBEDDED, is set on Windows but it is
>not on posix builds. I took a look and there is some other code in
>server.cpp which will break if you set that compiler flag, but

In the existing releases of Firebird the "embedded" model on Windows is different from on POSIX.

-- on Windows, the client connects to the database via XNET and the client and Superserver components work in the same application space

-- on POSIX, the client makes a direct connection to the database via the Classic server, i.e., no network connection. So, on POSIX, authenticatiion for embedded is no different from when the client connects through the network.

>does that mean that embedded clients actually need the security database or just that it was never cleaned up on posix builds to be able to compile.

No, it just means that the code changes for the unified engine were already under way for Firebird 3 and it wasn't worthwhile rewriting the embedded models when it was all going to change anyway.

FWIW, Classic on POSIX always had "embedded". An embedded mode for Windows didn't appear until the Firebird era was well under way. There are other differences between Windows and POSIX in the area of authentication. For example, it is (and always was) possible for POSIX system users to be mapped to Firebird users. An equivalent ability didn't appear for Windows until relatively recently (Fb 2.1 if memory serves me correctly).

Helen Borrie, Support Consultant, IBPhoenix (Pacific) Author of "The Firebird Book" and "The Firebird Book Second Edition"



Visit and click the Resources item on the main (top) menu. Try Knowledgebase and FAQ links !

Also search the knowledgebases at

Yahoo Groups Links