About Security Access - Firebird

It is not always obvious to newcomers that there is a distinction between server access And database security. When you “log into” a Firebird database using isql or your favorite admin tool, you always supply a user name and password, along with server, port (sometimes), and path parameters. Whenever you do this, you are logging into theserver and opening an attachment to a database.

If the database does not exist yet and you have started isql from the command line with no parameters, then two things are “givens”:

  • You are logged into the server.
  • Until you submit a CONNECT or CREATE DATABASE request to the server, the program is not attached to a database.

Password access is always required to log into the server. Once in, you can attach to any database. What you can do, once attached, depends on SQL privileges, which are stored within the database. The SYSDBA user has full destructive rights to every database and every object within it. The owner (the user that created the database) has automatic rights to the database, although not to any objects within it that were created by other users. SQL privileges are opt-in. That means that, although any user with server access can attach to any database, the user will have no rights to do anything to anything, other than what has been explicitly or implicitly granted to it by the owner, using GRANT statements.

The issues of server access and database security are discussed in detail in Part Eight.


It is possible to set up the two environment variables ISC_USER and ISC_PASSWORD on the server, to avoid the need to write and store scripts that contain passwords “in clear.” You will be able do everything that the named user is allowed to do, without needing to supply credentials. This feature is handy for administrative tasks, but it must be used with a high level of caution because it leaves your database access open to any local user who happens upon your command shell.

If you want to play with fire, set these two variables permanently. If you want to have that extra level of convenience and script security, set them temporarily each time you want them and be certain to reset them whenever you leave your console.

On Linux, in the same shell from which you will launch the application, type

]# setenv ISC_USER=SYSDBA ]# setenv ISC_PASSWORD=masterkey

To unset, either use this:

]# setenv ISC_USER= ]# setenv ISC_PASSWORD=

or simply close the shell.
On Windows, go to the command prompt and type


To unset, type


All rights reserved © 2020 Wisdom IT Services India Pvt. Ltd DMCA.com Protection Status

Firebird Topics