On 8/9/22 12:41, Dimitry Sibiryakov wrote:
Alex Peshkoff via Firebird-devel wrote 09.08.2022 6:33:
PPS. If one has access to database.conf to create new alias he
definitely has embedded access to server, i.e. problem appears to be
rather artificial.
Consider a shared database hosting where aliases are created by
admin for every user.
Agreed, possible scenario (on practice currently everyone is using VM's,
but anyway ...). And a case when such databases use self-security also
fits well into such schema. But in that case to create database (and let
people perform some recovery when for example were revoked admin rights
from all users in database) such hosting needs special authentication
plugin able to validate per-database "super"-users and grant them on
login full access to apropriate database(s). Writing such plugin (based
on SRP but using another databases access rules) is possible.
But is it really actual?
Firebird-Devel mailing list, web interface at
https://lists.sourceforge.net/lists/listinfo/firebird-devel
