| Subject | Re: [firebird-support] How can I prevent that my database can be opened with another security.fdb. |
|---|---|
| Author | Thomas Steinmaurer |
| Post date | 2016-04-08T08:34:52Z |
Roland,
the new Firebird 3 per-database security database capability/area is a bit confusing or perhaps leads to wrong expectations, unfortunately.
When a user database acts itself also as a security database, this does not mean that you get some sort of embedded user authentication as in InterBase, that said, the expectation that you can move around the database and you are not able to connect without knowing user credentials stored in the database itself is wrong. I hope I'm wrong and stand corrected if I am, but I guess this is how it works.
Although, the alternate security database approach makes a lot of sense e.g. for (web) hosting companies, running several customer databases in an isolated way from a user database perspective, without sharing the e.g. the SYSDBA user across several customers. ;-)
--
With regards,
Thomas Steinmaurer
http://www.upscene.com
Professional Tools and Services for Firebird
FB TraceManager, IB LogManager, Database Health Check, Tuning etc.
'Mueller, Roland (GE87)' Roland.Mueller@... [firebird-support] schrieb am 08.04.2016 10:12:
the new Firebird 3 per-database security database capability/area is a bit confusing or perhaps leads to wrong expectations, unfortunately.
When a user database acts itself also as a security database, this does not mean that you get some sort of embedded user authentication as in InterBase, that said, the expectation that you can move around the database and you are not able to connect without knowing user credentials stored in the database itself is wrong. I hope I'm wrong and stand corrected if I am, but I guess this is how it works.
Although, the alternate security database approach makes a lot of sense e.g. for (web) hosting companies, running several customer databases in an isolated way from a user database perspective, without sharing the e.g. the SYSDBA user across several customers. ;-)
--
With regards,
Thomas Steinmaurer
http://www.upscene.com
Professional Tools and Services for Firebird
FB TraceManager, IB LogManager, Database Health Check, Tuning etc.
'Mueller, Roland (GE87)' Roland.Mueller@... [firebird-support] schrieb am 08.04.2016 10:12:
> Thanks for your suggestions.
>
> I am actually searching for another way. This database is part of an
> application that is deployed at our customers.
> In the new firebird release it is possible to choose security authentication
> via external .fbd file or programmed into the database itself.
>
> We want to use the authentication in our own database and prevent any use of
> .fdb files for access. Now if a customer has our database, he simply can set
> security3.fdb and gain access to the DB.
> Is there any way to prevent this and only use our authentication ?
>
> regards Roland
>
>