Entering User Credentials - Firebird

Use gsec, or a tool that drives gsec, to enter user credentials: gsec hashes each password before it is written to the security database. Do not connect a user application or admin tool directly to the security database, and do not run a script that batch-inserts users into it, because passwords entered that way are stored in clear text.

The required entries are a user name and a password. International character sets are currently not supported for user names or passwords.

Only the SYSDBA user can maintain the security database. That means Firebird, out of the box, does not support users changing their own passwords. Refer to the “Special Topic” at the end of this chapter for a technique to customize user authentication on your server and implement this feature.

User names are case-insensitive and must be unique. Currently, to be usable, they should contain only the characters allowed in object identifiers: A–Z (or a–z), numerals, and the symbols !, #, $, &, and @. A user name can theoretically be up to 128 characters, but treat it as limited to 31 characters, since a longer name cannot be used with SQL permissions.

Passwords can be up to 32 characters, but only the first eight are significant: the server ignores everything after them, so the passwords masterkey and masterkeeper are identical as far as the server is concerned. Passwords are case-sensitive. The allowed characters are the same as for user names, but uppercase and lowercase letters are distinct. Passwords need not be unique across users, although from a security perspective it is desirable that they are.

Password Encryption

gsec hashes passwords with a weak, DES-based algorithm, and because of the current eight-character limit only eight characters of the password contribute to the hash. Firebird user authentication should therefore not be regarded as a strong barrier on its own, a "centurion at the gate for the modern age".

Nevertheless, avoid obvious passwords like password or sesame. Mix case and include numerals, and put that mixture within the first eight characters, since nothing after them counts. Ensure that passwords are changed regularly.
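The following is an added example, not code from the book or from the Firebird project. It ties together the points above: users are entered through gsec rather than by writing to the security database, the name and password rules (identifier characters, 31-character names, eight significant password characters) are enforced before gsec is called, and the check for obvious passwords compares only the significant prefix, because the server does the same. It assumes that Firebird reads the SYSDBA credentials from the ISC_USER and ISC_PASSWORD environment variables and that gsec accepts its interactive commands on standard input; neither is stated on this page. The denylist of obvious passwords is constructed for the example.

```python
"""Added example (not from the book or the Firebird project): enter a Firebird
user through gsec after enforcing the credential rules described in the text.
Assumed Firebird behaviour: ISC_USER/ISC_PASSWORD carry the SYSDBA credentials,
and gsec reads interactive commands from stdin."""
import os
import re
import subprocess

# User names: identifier characters only, case-insensitive, at most 31 chars so
# they remain usable with SQL permissions.
IDENT_RE = re.compile(r"^[A-Za-z0-9!#$&@]+$")
USERNAME_MAX = 31
# Passwords: up to 32 characters accepted, only the first 8 are significant.
PASSWORD_MAX = 32
SIGNIFICANT = 8


def effective_password(pw: str) -> str:
    """The part of the password the server actually compares."""
    return pw[:SIGNIFICANT]


def same_effective_password(a: str, b: str) -> bool:
    """True when the server cannot tell the two passwords apart."""
    return effective_password(a) == effective_password(b)


# Constructed denylist (illustrative). It is stored in effective form, because
# "masterkeeper" is the same login as "masterkey" and must be rejected too.
OBVIOUS = {effective_password(p) for p in ("password", "sesame", "masterkey")}


def normalize_username(name: str) -> str:
    """Validate a user name and return its canonical (uppercased) spelling."""
    if not IDENT_RE.match(name):
        raise ValueError(f"user name {name!r}: characters outside A-Z, 0-9, !#$&@")
    if len(name) > USERNAME_MAX:
        raise ValueError(f"user name {name!r}: longer than {USERNAME_MAX} characters")
    return name.upper()  # names are case-insensitive; keep one spelling


def check_password(pw: str) -> list[str]:
    """Return the policy violations for pw (an empty list means acceptable)."""
    problems = []
    if len(pw) > PASSWORD_MAX:
        problems.append(f"longer than {PASSWORD_MAX} characters")
    if not IDENT_RE.match(pw):  # same character set as user names
        problems.append("characters outside the allowed set")
    sig = effective_password(pw)
    if len(sig) < SIGNIFICANT:
        problems.append(f"fewer than {SIGNIFICANT} significant characters")
    if sig.lower() in OBVIOUS:
        problems.append("obvious password")
    # Only the significant prefix carries entropy, so require the mix there.
    if not (re.search(r"[a-z]", sig) and re.search(r"[A-Z]", sig)
            and re.search(r"[0-9]", sig)):
        problems.append(f"first {SIGNIFICANT} characters must mix upper case, "
                        "lower case and digits")
    return problems


def gsec_script(name: str, pw: str) -> str:
    """Interactive gsec commands that add the user. Fed on stdin so the new
    password never appears in a process listing."""
    return f"add {normalize_username(name)} -pw {pw}\nquit\n"


def add_user(name: str, pw: str, sysdba_password: str, gsec: str = "gsec") -> None:
    """Create a Firebird login through gsec after enforcing the policy.

    SYSDBA credentials travel in ISC_USER/ISC_PASSWORD (assumed Firebird
    behaviour) instead of -user/-password arguments, for the same reason."""
    problems = check_password(pw)
    if problems:
        raise ValueError(f"password for {name!r} rejected: " + "; ".join(problems))
    env = dict(os.environ, ISC_USER="SYSDBA", ISC_PASSWORD=sysdba_password)
    subprocess.run([gsec], input=gsec_script(name, pw), text=True,
                   env=env, check=True)


if __name__ == "__main__":
    print(same_effective_password("masterkey", "masterkeeper"))  # True
    print(check_password("sesame"))          # too short, obvious, no mix
    print(check_password("Fb2Ad9xQ"))        # []
    # add_user("reportuser", "Fb2Ad9xQ", sysdba_password=...) needs a running server
```

Because the truncation happens server-side, any password policy enforced in front of gsec has to reason about the eight-character prefix, as check_password does; a denylist or complexity rule applied to the full string would pass masterkeeper while the server stores the same hash as for masterkey.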

User Credentials in SQL

Because Firebird users are maintained at server level, no SQL language statements are implemented for maintaining them. However, user names do crop up in SQL, as the argument for the GRANT ... TO and REVOKE ... FROM statements. For more information, refer to the next chapter.

The user name is also widely available in SQL expression contexts through the context variable CURRENT_USER and the server literal USER.
