It is essential to use gsec—or an interface to gsec—to enter user credentials. The gsec interface encrypts passwords before it stores them. Do not connect a user application or admin tool directly to the security database or run a script in order to “batch-enter” users, because the passwords will be stored in clear text.
The required entries are a user name and a password. International character sets are currently not supported for user names or passwords.
Only the SYSDBA user can maintain the security database. That means Firebird, out of the box, does not support users changing their own passwords. Refer to the “Special Topic” at the end of this chapter for a technique to customize user authentication on your server and implement this feature.
User names are case insensitive and unique. Currently, to be usable, they should include only characters allowed for object identifiers: A–Z (or a–z), numerals, and the symbols !, #, $, &, and @. A user name can theoretically be up to 128 characters, but you should consider it restricted to 31 characters, since a longer name will not be valid for use with SQL permissions.
Passwords can be up to 32 characters, but only the first eight characters are significant. Hence, for example, the passwords masterkey and masterkeeper are seen by the server as identical. Passwords are case sensitive. The characters allowed are the same as for user names, but uppercase characters are distinct from lowercase. Passwords need not be unique, although it is desirable from a security perspective to make them so.
The gsec interface encrypts passwords using a weak method based on a DES hash algorithm. Because of the current eight-character limit, Firebird user authentication should not be regarded as a “centurion at the gate for the modern age.”
Nevertheless, avoid obvious passwords like password or sesame. Mix case, include numerals, and ensure that passwords are changed regularly.
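The sketch below is an added example, not code from this page or from the Firebird project: it audits a proposed list of accounts against the rules above before they are entered through gsec. The names audit, effective and SAMPLE are hypothetical, and the sample accounts are constructed.

```python
import re
from collections import defaultdict

ALLOWED = re.compile(r"[A-Za-z0-9!#$&@]+")  # character set stated on the page
MAX_USER_LEN = 31      # longer names are not valid for SQL permissions
MAX_PASSWORD_LEN = 32  # longest password accepted
SIGNIFICANT = 8        # only the first eight password characters count

def effective(password):
    """The part of the password the server actually distinguishes."""
    return password[:SIGNIFICANT]

def audit(accounts):
    """Return {user_name: [findings]} for a list of (user_name, password) pairs."""
    findings = defaultdict(list)
    seen_names = {}
    by_prefix = defaultdict(list)
    for name, password in accounts:
        if not ALLOWED.fullmatch(name) or len(name) > MAX_USER_LEN:
            findings[name].append("invalid user name")
        # User names are case insensitive, so compare them folded.
        if name.upper() in seen_names:
            findings[name].append("duplicate of " + seen_names[name.upper()])
        seen_names.setdefault(name.upper(), name)
        if not ALLOWED.fullmatch(password) or len(password) > MAX_PASSWORD_LEN:
            findings[name].append("invalid password")
        eff = effective(password)
        if len(password) > SIGNIFICANT:
            findings[name].append("characters after the eighth are ignored")
        # Case mix and numerals only help if they fall in the significant part.
        if not (re.search("[a-z]", eff) and re.search("[A-Z]", eff)
                and re.search("[0-9]", eff)):
            findings[name].append("significant part lacks mixed case or a numeral")
        by_prefix[eff].append(name)
    for names in by_prefix.values():
        if len(names) > 1:
            for name in names:
                findings[name].append("same effective password as another user")
    return dict(findings)

# Constructed sample accounts, not taken from any real system.
SAMPLE = [("ALICE", "masterkey"), ("alice", "masterkeeper"),
          ("BOB", "Welcome#2024"), ("CAROL", "Tr7#kQ2m")]

if __name__ == "__main__":
    for user, notes in audit(SAMPLE).items():
        print(user, notes)
```

Accounts with no findings are omitted from the result, so an empty dictionary means the whole list passed.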
User Credentials in SQL
Because Firebird users are maintained at server level, no SQL language statements are implemented for maintaining them. However, user names do crop up in SQL, as the argument for the GRANT ... TO and REVOKE ... FROM statements. For more information, refer to the next chapter.
The user name is also widely available in many SQL expression contexts through the context variable CURRENT_USER and the server literal USER.
All rights reserved © 2018 Wisdom IT Services India Pvt. Ltd