On 20-03-2014 18:38, Claudio Valderrama C. wrote: > - Using ATT_gbak_attachment is a security risk, but I don't know how to > solve it. I think this should be replaced by a role, BACKUP_OPERATOR and of > course, this role is checked against the active user, not a program saying > "I'm gbak". Anybody pretending to be gbak can screw sys tables or read more > data than desired.
At least for the write operations, can't isc_dpb_gbak_attach be changed to allow them only when used with create_database (and not with attach_database)? Adriano ------------------------------------------------------------------------------ Learn Graph Databases - Download FREE O'Reilly Book "Graph Databases" is the definitive new guide to graph databases and their applications. Written by three acclaimed leaders in the field, this first edition is now available. Download your free book today! http://p.sf.net/sfu/13534_NeoTech Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
