Database Security

From InterBase

Go Up to Using InterBase Databases


Databases often contain sensitive information. When users try to access protected tables, they are required to provide a password. Once users have been authenticated, they can see only those fields (columns) for which they have permission.

For access to InterBase databases on a server, a valid user name and password is required. Once the user has logged in to the database, that username and password (and sometimes, role) determine which tables can be used. For information on providing passwords to InterBase servers, see Controlling Server Login. There is also a chapter on database security in the Operations Guide.

If you are requiring your user to supply a password, you must consider when the password is required. If you are using a local database but intend to scale up to a larger SQL server later, you may want to prompt for the password before you access the table, even though it is not required until then.

If your application requires multiple passwords because you must log in to several protected systems or databases, you can have your users provide a single master password which is used to access a table of passwords required by the protected systems. The application then supplies passwords programmatically, without requiring the user to provide multiple passwords.

In multi-tiered applications, you may want to use a different security model altogether. You can use CORBA or MTS to control access to middle tiers, and let the middle tiers handle all details of logging into database servers.

Advance To: