Firebird Documentation IndexFirebird 2.0.6 Release NotesKnown Compatibility Issues → Security in Firebird 2 (All Platforms)
Firebird Home Firebird Home Prev: Known Compatibility IssuesFirebird Documentation IndexUp: Known Compatibility IssuesNext: SQL Migration Issues

Security in Firebird 2 (All Platforms)

Be aware of the following changes that introduce incompatibilities with how your existing applications interface with Firebird's security:

Direct connections to the security database are no longer allowed

Apart from the enhancement this offers to server security, it also isolates the mechanisms of authentication from the implementation.

  • User accounts can now be configured only by using the Services API or the gsec utility.

  • For backing up the security database, the Services API is now the only route. You can employ the -se[rvice] hostname:service_mgr switch when invoking the gbak utility for this purpose.

Non-SYSDBA users no longer can see other users' accounts in the security database

A non-privileged user can retrieve or modify only its own account and it can change its own password.

Remote attachments to the server without a login and password are now prohibited

  • For attachments to Superserver, even root trying to connect locally without “localhost:” in the database file string, will be rejected by the remote interface if a correct login is not supplied.

  • Embedded access without login/password works fine. On Windows, authentication is bypassed. On POSIX, the Unix user name is used to validate access to database files.

The security database is renamed to security2.fdb

If you upgrade an existing installation, be sure to upgrade the security database using the provided script in order to keep your existing user logins.

Before you begin the necessary alterations to commission an existing security database on the Firebird 2.0 server, you should create a gbak backup of your old security.fdb (from v.1.5) or isc4.gdb (from v.1.0) using the old server's version of gbak and then restore it using the Firebird 2.0 gbak.

Important

You must make sure that you restore the security database to have a page size of at least 4 Kb. The new security2.fdb will not work with a smaller page size.

Warning

A simple 'cp security.fdb security2.fdb' will make it impossible to attach to the firebird server !

For more details see the notes in the chapter on security, New Security Features. Also read the file security_database.txt in the upgrade directory beneath the root directory of your installation.

Prev: Known Compatibility IssuesFirebird Documentation IndexUp: Known Compatibility IssuesNext: SQL Migration Issues
Firebird Documentation IndexFirebird 2.0.6 Release NotesKnown Compatibility Issues → Security in Firebird 2 (All Platforms)