> I am planning the infrastructure and security and I have several
> doubts. My initial idea would be to have a database where users can
> save their emails and create a separate database for each client.

For an Web-Application this is not really common practice as you prevent
e.g. usage of "connection pooling".

An alternative would be to use an single database and an single database
user. If the machine is dedicated toi that web application it should be
ok to use default SYSDBA/masterkey login as nobody besides the
application can connect to database.

It's than up to the application to manage user login with information
stored in an normal table.

Also the application has to manage accessing the correct data - you will
pass Company ID to most SQL statements.

As number of clients grows using an single database will consume much
less resources on your server.

> I think it is best to isolate each database with its own security*.fdb
> to prevent any client from accessing another database

You application is the only one connecting to database. The clients are
connecting to your application.

> and in this point is what I am not clear about, how to manage users
> and security by database, permissions...

read documentation for "CREATE USER" and "GRAND" SQL-Statements.

> I would also need to be able to create a database on the fly, when a
> new client registers, for that I need to stop the Firebird service?
>

You can create databases without stopping server of course - it is up to
the server to create database. But, creating database and tables does
take some time.