Subject | Re: [IBO] Removing "Role" from login dialog? |
---|---|
Author | Claudio Valderrama C. |
Post date | 2002-04-08T06:53:54Z |
"Helen Borrie" <helebor@...> wrote in message
news:5.1.0.14.0.20020406171107.02cbfd60@......
> You can just remove it from the login dialog form...or leave it there...if
> you are not using roles, it won't matter what the user types there
> (including nothing at all) - Firebird just "swallows" invalid roles by
> converting them to NONE.
>
> IB is supposed to do the same, btw; I don't think Firebird and IB differ in
> this respect.

Unfortunately, no. IB keeps the invalid role for the whole session. Since it
doesn't exist or is not granted, it's not a major security problem.
FB should clear invalid roles because it has CURRENT_ROLE. It doesn't make
sense to return garbage here, since this value can be used to do
programmatic security checks in procedures and triggers, so it should be
accurate. Also, it offers a simple way to know if your role was accepted:
you only do
select current_role from rdb$database
and if it returns NONE, your role wasn't accepted.
C.
--
Claudio Valderrama C. - http://www.cvalde.com - http://www.firebirdSql.org
Independent developer
Owner of the Interbase® WebRing
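
The programmatic check described in the message above, as an added example that is not part of the original post: a Firebird trigger that refuses updates unless the role requested at login was accepted, and records the user and role with each change. The table, role, user and exception names are hypothetical.

```sql
-- Added example (Firebird isql script). All object names are hypothetical.
CREATE ROLE PAYROLL_ADMIN;
GRANT PAYROLL_ADMIN TO ALICE;

-- Constructed table holding data that only one role may change.
CREATE TABLE SALARY (
  EMP_ID       INTEGER NOT NULL PRIMARY KEY,
  AMOUNT       NUMERIC(12,2) NOT NULL,
  CHANGED_BY   VARCHAR(31),
  CHANGED_ROLE VARCHAR(31)
);

CREATE EXCEPTION E_ROLE_NOT_ACCEPTED
  'Update requires role PAYROLL_ADMIN; CURRENT_ROLE does not match';

SET TERM ^ ;

CREATE TRIGGER SALARY_BU FOR SALARY
ACTIVE BEFORE UPDATE POSITION 0
AS
BEGIN
  -- CURRENT_ROLE is 'NONE' when no role was supplied at login, or when
  -- the supplied role does not exist or is not granted to the user.
  -- Unquoted role names are stored in upper case, so compare in upper case.
  IF (CURRENT_ROLE <> 'PAYROLL_ADMIN') THEN
    EXCEPTION E_ROLE_NOT_ACCEPTED;

  -- Record who made the change and under which accepted role.
  NEW.CHANGED_BY   = CURRENT_USER;
  NEW.CHANGED_ROLE = CURRENT_ROLE;
END^

SET TERM ; ^

-- Client-side check right after connecting: NONE means the role typed
-- into the login dialog was not accepted.
SELECT CURRENT_USER, CURRENT_ROLE FROM RDB$DATABASE;
```

The trigger fires for every connection, so a session that logged in without the role is rejected even if the user holds the grant.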