[fpc-pascal] Looking for a Firebird book?
Michael Van Canneyt
michael at freepascal.org
Wed Apr 9 10:53:25 CEST 2008
On Wed, 9 Apr 2008, Graeme Geldenhuys wrote:
> On 09/04/2008, Damien Gerard <milipili at shikami.org> wrote:
> >
> > Is their documentation not suitable for you?
> >
> > From MSSQL To Firebird
> > http://www.firebirdsql.org/manual/migration-mssql.html
>
> I did find that, but it doesn't cover security access from
> applications to Firebird.
>
> eg:
> * MSSQL has server access, database access and table access.
> * Firebird has roles, which I'm trying to figure out now, but it's
> still hard to find good information. From what I can see, if
> you have a username and password to the firebird server, you can
> access all connected databases!
You can access them, i.e. connect to the database, but unless the
database owner granted you access to some tables, you can't see
anything.
> Weird? Our applications use login
> prompts at startup. At the moment we simply hard-code a firebird
> username and password in the application to create the connection,
> then access our own 'users' table to manage access to our application.
> Is that how everybody else does it with Firebird?
I do it like that too, because the security model of any RDBMS is ridiculous;
Firebird is no exception.
Security must be specified at a functional level, never at the table level.
I tried once at the table level, and ended up giving everybody access to
everything, because it's relational and everyone at some point ended up
writing in some table. So I dumped that, and implemented a separate security
mechanism that looks at functions - what is a person allowed to do?
What data he needs to perform these functions is then irrelevant -
worse even, it changes over time.
Ever since, I have no more worries over security.
Michael.
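
Added example, not part of the original message: a Firebird SQL sketch of the two points discussed above, that a login alone shows nothing until privileges are granted, and that rights can be attached to an operation (a stored procedure) instead of being handed out per table. The names ORDERS, SHIP_ORDER, WAREHOUSE and ALICE are hypothetical, and SET TERM assumes the script is run in isql.

```sql
-- All object and user names below are hypothetical (constructed for this example).
CREATE TABLE ORDERS (
  ID       INTEGER NOT NULL PRIMARY KEY,
  CUSTOMER VARCHAR(60) NOT NULL,
  SHIPPED  SMALLINT DEFAULT 0 NOT NULL
);
COMMIT;

-- A user who can log in but holds no privileges can attach to the database,
-- yet any SELECT on ORDERS is rejected for lack of permission.

-- The one operation warehouse staff may perform, wrapped in a procedure.
SET TERM ^ ;
CREATE PROCEDURE SHIP_ORDER (ORDER_ID INTEGER)
AS
BEGIN
  UPDATE ORDERS SET SHIPPED = 1 WHERE ID = :ORDER_ID;
END^
SET TERM ; ^
COMMIT;

-- The procedure itself, not any person, receives the table privileges it needs.
GRANT SELECT, UPDATE ON ORDERS TO PROCEDURE SHIP_ORDER;

-- People receive only the right to run the operation, through a role.
CREATE ROLE WAREHOUSE;
GRANT EXECUTE ON PROCEDURE SHIP_ORDER TO ROLE WAREHOUSE;
GRANT WAREHOUSE TO ALICE;
COMMIT;

-- The role takes effect only when it is named at connect time, e.g. in isql:
--   CONNECT '<database placeholder>' USER 'ALICE' PASSWORD '<placeholder>' ROLE 'WAREHOUSE';
-- In that session this succeeds:
--   EXECUTE PROCEDURE SHIP_ORDER(42);
-- while a direct statement is still refused, because ALICE holds no table privilege:
--   UPDATE ORDERS SET SHIPPED = 1 WHERE ID = 42;
```

If the table behind SHIP_ORDER changes later, only the grant to the procedure has to follow; the grants to roles and users stay as they are.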