Subject Re: [IBO] Removing "Role" from login dialog?
Author Claudio Valderrama C.
"Helen Borrie" <helebor@...> wrote in message
> You can just remove it from the login dialog form...or leave it there...if
> you are not using roles, it won't matter what the user types there
> (including nothing at all) - Firebird just "swallows" invalid roles by
> converting them to NONE.
> IB is supposed to do the same, btw; I don't think Firebird and IB differ
> in this respect.

Unfortunately, no. IB keeps the invalid role for the whole session. Since it
doesn't exist or is not granted, it's not a major security problem.
FB should clear invalid roles because it has CURRENT_ROLE. It doesn't make
sense to return garbage here, since this value can be used to do
programmatic security checks in procedures and triggers, so it should be
accurate. Also, it offers a simple way to know if your role was accepted:
you only do
select current_role from rdb$database
and if it returns NONE, your role wasn't accepted.

Claudio Valderrama C.
Independent developer
Owner of the Interbase® WebRing
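
The programmatic check described in the message above, as an added example that is not part of the original post or of Firebird's own code: a trigger that refuses updates unless the role accepted for the session is the expected one, and records user and role for the changes it allows. The table, role, exception and trigger names are hypothetical, and the script assumes it is run through Firebird's isql (for SET TERM).

```sql
/* Added example. SALARY, SALARY_AUDIT, PAYROLL_ADMIN, E_ROLE_REQUIRED and
   SALARY_BU are hypothetical names constructed for illustration. */

CREATE TABLE SALARY (
  EMP_ID  INTEGER NOT NULL PRIMARY KEY,
  AMOUNT  NUMERIC(12,2) NOT NULL
);

CREATE TABLE SALARY_AUDIT (
  EMP_ID      INTEGER NOT NULL,
  OLD_AMOUNT  NUMERIC(12,2),
  NEW_AMOUNT  NUMERIC(12,2),
  CHANGED_BY  VARCHAR(63),
  ROLE_USED   VARCHAR(63),
  CHANGED_AT  TIMESTAMP
);

CREATE ROLE PAYROLL_ADMIN;

CREATE EXCEPTION E_ROLE_REQUIRED 'Update requires role PAYROLL_ADMIN';

SET TERM ^ ;

CREATE TRIGGER SALARY_BU FOR SALARY
ACTIVE BEFORE UPDATE POSITION 0
AS
BEGIN
  /* CURRENT_ROLE is NONE when no role was supplied at login or the
     supplied role was not accepted, so this comparison also rejects
     sessions that asked for a role they do not hold. */
  IF (CURRENT_ROLE <> 'PAYROLL_ADMIN') THEN
    EXCEPTION E_ROLE_REQUIRED;

  /* Reached only when the role was accepted: record who changed what. */
  INSERT INTO SALARY_AUDIT
    (EMP_ID, OLD_AMOUNT, NEW_AMOUNT, CHANGED_BY, ROLE_USED, CHANGED_AT)
  VALUES
    (OLD.EMP_ID, OLD.AMOUNT, NEW.AMOUNT,
     CURRENT_USER, CURRENT_ROLE, CURRENT_TIMESTAMP);
END ^

SET TERM ; ^

/* Session-level check from the message: NONE means the role was not accepted. */
SELECT CURRENT_USER, CURRENT_ROLE FROM RDB$DATABASE;
```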