On 05.02.2015 16:27, Geoff Worboys wrote: > Alex Peshkoff wrote: >> On 05.02.2015 15:36, Geoff Worboys wrote: >>> Hi, >>> >>> Firebird v2.5.3 >>> >>> I've been studying the source trying to understand the reasons >>> behind a particular aspect of EXECUTE STATEMENT with ON EXTERNAL. >>> >>> Specifically, why are USER PASSWORD and ROLE tied together here? >>> >>> I had thought it should have been feasible to have >>> EXECUTE STATEMENT issued with a specific ROLE but no USER and >>> PASSWORD, and still be able to use the current user credentials >>> and it would be up to the external database to accept or reject >>> the requested role access. >>> >>> In the code this appears to be a deliberate restriction rather >>> than a practical matter of what is possible, so I am imagining >>> there must have been security or other concerns about this. >>> Can someone enlighten me, or maybe hint where I might find prior >>> discussions on this (I can't find anything in my archives of >>> this list). >>> >> Please look here >> http://tracker.firebirdsql.org/browse/CORE-3983 > No, I don't think that's the same as what I mean. > > Currently in FB v2.5.3, if I do NOT specify any of USER, > PASSWORD or ROLE then Firebird will happily attach to local > databases using the current user's credentials: user name > and role - I'm guessing password is assumed rather than ever > specified through the use of this line: > dpb.insertString(isc_dpb_trusted_auth, attUser);. > > But, if I specify a ROLE it will no longer do so, I must also > specify the USER and PASSWORD. This seems unnecessary, it's > not as though, when connecting normally to a db, a user has a > different password for different roles. But it is explicit > in the code so it would seem to be an intentional restriction > so I thought there must be a reason. >
So you want to have ON EXTERNAL 'local.fdb' ROLE role123 ? ------------------------------------------------------------------------------ Dive into the World of Parallel Programming. The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
