On 05.02.2015 17:47, Geoff Worboys wrote: > Alex Peshkoff wrote: > [...] >>> Currently in FB v2.5.3, if I do NOT specify any of USER, >>> PASSWORD or ROLE then Firebird will happily attach to local >>> databases using the current user's credentials: user name >>> and role - I'm guessing password is assumed rather than ever >>> specified through the use of this line: >>> dpb.insertString(isc_dpb_trusted_auth, attUser);. >>> >>> But, if I specify a ROLE it will no longer do so, I must also >>> specify the USER and PASSWORD. This seems unnecessary, it's >>> not as though, when connecting normally to a db, a user has a >>> different password for different roles. But it is explicit >>> in the code so it would seem to be an intentional restriction >>> so I thought there must be a reason. >>> >> So you want to have ON EXTERNAL 'local.fdb' ROLE role123 ? > Yes - I'm currently experimenting with my own build, because it > looks like an easy change, but I'm wondering if I'm missing > something important, maybe some security aspect I'm not seeing. > > > The situation I'm trying to solve is where the application has > one main application database but some things get logged to > another much simpler database and it turns out that I now need > to obtain some statistics from those logs to merge with stats > from the main database. This was not something I considered > when the separate database was implemented and it uses a much > simpler set of database roles (basically "admin" and "user"), > while the main application database has many roles. > > The release-notes/language-update are quite clear that the > three elements (user/pwd/role) are tied together for ON EXTERNAL > but I tried it anyway, and the notes were right. :-) > So then I looked at the source to see if there were technical > reasons for the restriction, but I'm not seeing any. I guess > when I test my experimental build (will be tomorrow now), I > find out. >
I do not expect any issues here. Trusted connection may use non-default sql role. ------------------------------------------------------------------------------ Dive into the World of Parallel Programming. The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
