New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
grant DDL and DML on object to user/role (MORE SECURITY) [CORE2405] #2823
Comments
Modified by: Elton Amorim Fadel (galdarius)security: Developers [ 10012 ] => |
Modified by: @dyemanovpriority: Critical [ 2 ] => Major [ 3 ] Fix Version: 3.0 Alpha 1 [ 10331 ] Version: 2.5 Beta 1 [ 10251 ] => |
Commented by: Johny Oldman (johnyoldman) Preventing a user with SYSDBA login to access a database can be done easily: 1. Create a database under a name and password other than SYSDBA. Those 3 steps will prevent a user with SYSDBA login name access the database. |
Modified by: Elton Amorim Fadel (galdarius)Version: 3.0 Alpha 1 [ 10331 ] description: Do a Role with SYSDBA name with DDL and DML privileges, and make sure then other people will can't open the database file using SYSDBA to do login, and a better encryptation to FDB file, hiding the user/role name and your password. firebird will be the best choice to deploy to customers, and do upgrade in database objects with a exe upgrades, to customers without dbadmin presence. much more than postgresql! => Do a Role with SYSDBA name with DDL and DML privileges! Make sure then other people will can't open the database file using SYSDBA to do login, and a better encryptation to FDB file, hiding the user/role name and your password. Firebird will be the best choice to deploy, and do auto-upgrade in database objects, to customers without dbadmin presence. |
Commented by: Elton Amorim Fadel (galdarius) @johny Oldman I now this man! But if i connect to a DB with another name and password (not SYSDBA), i can't make changes in DDL command. for example: my customer is in the other side of the world. i cant give him access on the database, but, i can create a simple application to do the upgrade on DDL. just one costumer? its simple maybe you say to give him remote access, but, if i had 10.000 customers? |
Commented by: @dyemanov I think we should close this ticket as resolved. In v2.5 and above you can grant RDB$ADMIN role to any user to do any DDL. In v3.0 you can live without SYSDBA at all. Moreover, you can encrypt the whole database. |
Modified by: @dyemanovstatus: Open [ 1 ] => Resolved [ 5 ] resolution: Fixed [ 1 ] Fix Version: 3.0 Alpha 1 [ 10331 ] Fix Version: 3.0 Beta 1 [ 10332 ] => |
Modified by: @dyemanovVersion: 3.0 Alpha 1 [ 10331 ] => |
Submitted by: Elton Amorim Fadel (galdarius)
Is related to CORE657
Is related to QA642
Do a Role with SYSDBA name with DDL and DML privileges!
Make sure then other people will can't open the database file using SYSDBA to do login, and a better encryptation to FDB file, hiding the user/role name and your password.
Firebird will be the best choice to deploy, and do auto-upgrade in database objects, to customers without dbadmin presence.
The text was updated successfully, but these errors were encountered: