I am new to Firebird, trying to understand how it handles user security.

I want to create a database owned by and accessible to only one user - and that should not be SYSDBA.

Let's call the database MyDB.

In databases.conf I created an alias for MyDB and specified that it should be its own security database.

With the Firebird server NOT running, I did the following in iSQL:

 - connected to the sample employee database (which uses the standard security3.fdb database) as SYSDBA

 - created a new user called MyNewUser and set a password

 - quit iSQL and restarted it as user MyNewUser

 - created MyDB.fdb in the folder already specified for it in databases.conf (so MyNewUser is the owner of MyDB)

 - connected to MyDB as user MyNewUser

 - created a test table and inserted a few test records.

Next I started the Firebird server and using a Firebird client (IBExpert) I did this:

 - attempted to connect to MyDB as user MyNewUser - this was successful

 - attempted to connect to MyDB as SYSDBA - this was unsuccessful, which is what I was expecting.

Next I edited the databases.conf alias for MyDB and removed the SecurityDatabase entry so it would now use the standard security3 database.

Now when I attempt to connect as SYSDBA it is successful and I can see the test records that I previously entered.

This is the point where I confess to being confused. I presume I am wrong but it looks like any Firebird database has a "public back door". What stops me taking a copy of SecretDatabase.fdb and connecting to it on my own Firebird installation?

Steve Bailey