On 07/15/2015 01:24 PM, Dmitry Yemanov wrote: > 15.07.2015 13:14, Alex Peshkoff wrote: > >> I worry more about SQL-based management. Creating first user is required >> step not only for initializing security3.fdb, it's also required when >> new security database (non-default) is to be added to the server. May be >> play this trick if an explicit user switch is not provided (i.e. OS user >> name is used) in embedded attachment and an attempt is made to add >> SYSDBA in any case, not only in gsec? > Maybe, but we should not limit the solution to SYSDBA only. If someone > wants to avoid SYSDBA at all and initialize the security database with > gsec -add mydba -pw mypassword [s]he should not specify -user sysdba > either (it does not exist and hence looks weird too). >
If we try not to limit solution, than we must think about letting execute other commands too, not only 'add user'. Imagine one creates user XXX wishing to avoid SYSDBA: create user xxx password 'yyy'; Later he understands that it will be good idea to make him an admin: alter user xxx grant admin role Should it fail or not? I'm afraid that following this way we may decide that it will be good idea to execute all user control flow as superuser in embedded case. And must say that adding 'GRANT CREATE TABLE TO PUBLIC;' and 'GRANT CREATE VIEW TO PUBLIC;'to security database build script seems to be less worse than this choice. ------------------------------------------------------------------------------ Don't Limit Your Business. Reach for the Cloud. GigeNET's Cloud Solutions provide you with the tools and support that you need to offload your IT needs and focus on growing your business. Configured For All Businesses. Start Your Cloud Today. https://www.gigenetcloud.com/ Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
