Issue Details (XML | Word | Printable)

Key: CORE-685
Type: New Feature New Feature
Status: Resolved Resolved
Resolution: Fixed
Priority: Major Major
Assignee: Alexander Peshkov
Reporter: Pavel Cisar
Votes: 9
Watchers: 9

If you were logged in you would be able to see more operations.
Firebird Core

location of users lists /DB permission/

Created: 17/Sep/03 12:00 AM   Updated: 28/Sep/15 01:03 PM
Component/s: Security
Affects Version/s: None
Fix Version/s: 3.0 Alpha 1

Issue Links:

SF_ID: 807971

 Description  « Hide
SFID: 807971#
Submitted By: pcisar

here is 2 possible ways :
1.relocate user list from isc4.gdb to user DB
2.create additional user list in user DB and secondary
authentification mechanism per database

it's needed when peoples don't want share structure of
created database with other include SYSDBA.

 All   Comments   Change History   Subversion Commits      Sort Order: Ascending order - Click to sort in descending order
Alice F. Bird added a comment - 14/Jun/06 09:41 AM
Date: 2005-07-24 18:42
Sender: dimitr
Logged In: YES

Comment by Osama ALASSIRY:

One huge problem is that by moving a database file to
another server, you can access and modify all the data
in the database using the other server's sysdba account.

A standalone database would be one that does not use
any information from security.fdb, it includes its own
users table and will not respond to the users in

Gregory Kotsaftis added a comment - 16/Dec/06 12:01 PM
This is a must!

Nobody should be able to copy the database file to another computer, with another
firebird installation and another sysdba user.
The same applies for backup/restore jobs, a backup up of the original db should not
be restored to another installation without the original sysdba passwd.

I hope this will be resolved in v3.0

Dimitris Panidis added a comment - 23/Apr/08 02:02 PM
Thanks for the answer. However, I have a hard time understanding both workarounds. No1 says to "relocate user list from isc4.gdb to user DB". From what I saw, isc4.gdb is the security database of Interbase, from what little I know, the security db for Firebird is security2.fdb. In any case, how can I disable and bypass the built in security mechanism of this database and place it on my own database file?
As far as the second suggestion, "create additional user list in user DB and secondary authentication mechanism per database", I already have extra application level authentication but how can I prevent people from copying the entire database file, and opening it from their own fresh installation? Any help on the above will be greatly appreciated

Dmitry Yemanov added a comment - 25/Apr/08 06:15 AM
They are not workarounds but possible implementation suggestions to be considered by the FB developers.

Dmitry Yemanov added a comment - 23/Oct/12 08:39 AM
I'm closing this one as resolved but keeping CORE-3368 open until all its subtasks are completed.