Subject Re: [IBO] passwords
Author Helen Borrie
At 03:43 PM 27/05/2005 +0200, you wrote:
>I would like to know.If firebird is allready installed on a machine and the
>sysdba password has been changed.
>The way i understand it is that i will not get into my application without
>someone telling me what the new password is and what
>happens if the person that has it installed does not know the password. I
>can't change it back because that would make his application stop.

You are not meant to hard-code passwords in applications that are intended
for production use. You should use a login dialog, where the user enters
the password, and don't store the password at all. Set PasswordStorage (on
the connection object) to psNone.

If you store the username, then the login dialog will default to that
username. Unless you code otherwise, the username can be changed in the
login dialog. (Look at IB_SQL to see how it works).

Of course, if you deploy your application to a site where the SYSDBA
password is not known, *everyone* has a problem!

The recommended thing to do is to have an Owner user. This Owner should
create the database and all of the objects in it. Then, on site, if you
have to do an upgrade of your software, you can add this user to the
security database and log in as Owner.

You should set up "ordinary" users for the people who use the system, and
install SQL access privileges for them.