On Wed, 9 Apr 2008, Graeme Geldenhuys wrote:
> On 09/04/2008, Damien Gerard <[EMAIL PROTECTED]> wrote: > > > > Does their documentation not suitable to you ? > > > > From MSSQL To Firefird > > http://www.firebirdsql.org/manual/migration-mssql.html > > I did find that, but it doesn't cover security access from > applications to Firebird. > > eg: > * MSSQL has server access, database access and table access. > * Firebird has roles, which I'm trying to figure out now, but it's > still hard to find good information. From what I can see is that if > you have a username and password to the firebird server, you can > access all connected databases! You can access them, i.e. connect to the database, but unless the database owner granted you access to some tables, you can't see anything. > Weird? Our applications use login > prompts at startup. At the moment we simply hard-code a firebird > username and password in the application to create the connection, > then access our own 'users' table to manage access to our application. > Is that how everybody else does it with Firebird? I do it like that too, because the security model of any RDBM is ridiculous, firebird is no exception. Security must be specified at a functional level, never at the table level. I tried once at the table level, and ended up giving everybody access to everything, because it's relational and everyone at some point ended up writing in some table. So I dumped that, and implemented a separate security mechanism that looks at functions - what is a person allowed to do ? What data he needs to perform these functions is then irrelevant - worse even, it changes over time. Ever since, I have no more worries over security. Michael. _______________________________________________ fpc-pascal maillist - fpc-pascal@lists.freepascal.org http://lists.freepascal.org/mailman/listinfo/fpc-pascal
