grant DDL and DML on object to user/role (MORE SECURITY) [CORE2405] #2823

Closed
firebird-automations opened this issue Apr 5, 2009 · 11 comments

@firebird-automations

Submitted by: Elton Amorim Fadel (galdarius)

Is related to CORE657
Is related to QA642

Do a Role with SYSDBA name with DDL and DML privileges!

Make sure that other people can't open the database file using SYSDBA to log in, and a better encryption of the FDB file, hiding the user/role name and your password.

Firebird will be the best choice to deploy, and do auto-upgrade in database objects, to customers without dbadmin presence.

@firebird-automations

Modified by: Elton Amorim Fadel (galdarius)

security: Developers [ 10012 ] =>

@firebird-automations

Modified by: @dyemanov

priority: Critical [ 2 ] => Major [ 3 ]

Fix Version: 3.0 Alpha 1 [ 10331 ]

Version: 2.5 Beta 1 [ 10251 ] =>

@firebird-automations

Commented by: Johny Oldman (johnyoldman)

Preventing a user with SYSDBA login to access a database can be done easily:

1. Create a database under a name and password other than SYSDBA.
2. Connect to the database using the name.
3. Then create a SYSDBA role in that database.

Those 3 steps will prevent a user with the SYSDBA login name from accessing the database.
Although there is still a way to crack the database, that will make it more difficult for first starters.

@firebird-automations

Modified by: Elton Amorim Fadel (galdarius)

Version: 3.0 Alpha 1 [ 10331 ]

description: Do a Role with SYSDBA name with DDL and DML privileges, and make sure that other people can't open the database file using SYSDBA to log in, and a better encryption of the FDB file, hiding the user/role name and your password.

Firebird will be the best choice to deploy to customers, and do upgrade in database objects with exe upgrades, to customers without dbadmin presence.

much more than PostgreSQL!

=>

Do a Role with SYSDBA name with DDL and DML privileges!

Make sure that other people can't open the database file using SYSDBA to log in, and a better encryption of the FDB file, hiding the user/role name and your password.

Firebird will be the best choice to deploy, and do auto-upgrade in database objects, to customers without dbadmin presence.

@firebird-automations

Commented by: Elton Amorim Fadel (galdarius)

@Johny Oldman

I know this, man!

But if I connect to a DB with another name and password (not SYSDBA), I can't make changes in DDL command.

For example:

My customer is on the other side of the world. I can't give him access to the database, but I can create a simple application to do the upgrade on DDL.

Just one customer? It's simple, maybe you say to give him remote access, but if I had 10.000 customers?

@firebird-automations

Modified by: @dyemanov

Fix Version: 3.0 Beta 1 [ 10332 ]

Fix Version: 3.0 Alpha 1 [ 10331 ] =>

@firebird-automations

Commented by: @dyemanov

I think we should close this ticket as resolved. In v2.5 and above you can grant RDB$ADMIN role to any user to do any DDL. In v3.0 you can live without SYSDBA at all. Moreover, you can encrypt the whole database.
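Added example, not part of the original thread or the Firebird project's own code: the two options mentioned in the comment above, applied to a dedicated account for an upgrade tool. The names `upgrader` and `schema_upgrade`, the password and the database path are hypothetical placeholders; the `GRANT CREATE ...` / `GRANT ALTER ANY ...` statements are the DDL privileges available from Firebird 3.0.

```sql
-- Hypothetical names: UPGRADER (account used by the upgrade tool),
-- SCHEMA_UPGRADE (role). Replace every <placeholder> before use.
-- Run these statements as an account allowed to manage users and grants.

-- Option A (Firebird 2.5 and above): full administrative rights in this
-- one database through the RDB$ADMIN role.
CREATE USER upgrader PASSWORD '<placeholder>';
GRANT RDB$ADMIN TO upgrader;
-- The role only takes effect when it is named at connect time, e.g.
--   isql -user upgrader -password <placeholder> -role RDB$ADMIN <database>
-- A connection made without the role has ordinary user rights.

-- Option B (Firebird 3.0): least privilege. The upgrade account may create
-- and alter only the object types the upgrade scripts touch.
CREATE ROLE schema_upgrade;
GRANT CREATE TABLE         TO ROLE schema_upgrade;
GRANT ALTER ANY TABLE      TO ROLE schema_upgrade;
GRANT CREATE PROCEDURE     TO ROLE schema_upgrade;
GRANT ALTER ANY PROCEDURE  TO ROLE schema_upgrade;
GRANT schema_upgrade TO USER upgrader;
-- If option A was applied earlier, withdraw the broad role:
REVOKE RDB$ADMIN FROM upgrader;
-- Connect with: -role SCHEMA_UPGRADE

-- Review step: list what the account and the role actually hold, and who
-- granted it, before shipping the upgrade tool.
SELECT RDB$USER, RDB$PRIVILEGE, RDB$RELATION_NAME, RDB$GRANTOR
FROM RDB$USER_PRIVILEGES
WHERE RDB$USER IN ('UPGRADER', 'SCHEMA_UPGRADE')
ORDER BY RDB$USER, RDB$RELATION_NAME;
```

Option B omits any `DROP ANY` grant on purpose, so a leaked upgrade credential cannot be used to drop tables or procedures it does not own.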

@firebird-automations

Modified by: @dyemanov

Link: This issue is related to CORE657 [ CORE657 ]

@firebird-automations

Modified by: @dyemanov

status: Open [ 1 ] => Resolved [ 5 ]

resolution: Fixed [ 1 ]

Fix Version: 3.0 Alpha 1 [ 10331 ]

Fix Version: 3.0 Beta 1 [ 10332 ] =>

@firebird-automations

Modified by: @dyemanov

Version: 3.0 Alpha 1 [ 10331 ] =>

@firebird-automations

Modified by: @pcisar

Link: This issue is related to QA642 [ QA642 ]
