When you create a database as described in the following sections, make sure that the database is protected against unauthorized access.
Tables that you create in non-ANSI compliant databases have privileges that allow all users access. Although the default database permissions or access privileges prevent access to the tables, proper security practice protects the audit-analysis table in a database that is not ANSI-compliant by revoking access from all other users as soon as that table is created.
You can use the following SQL statements to control access:
REVOKE ALL ON table FROM PUBLIC GRANT ALL ON table TO informix
After table privileges are revoked, generally with the REVOKE statement, you can grant individual users (for example, user informix) access to the tables with the GRANT statement. For information on SQL statements, see the IBM Informix: Guide to SQL Syntax.
Tables created in ANSI-compliant databases have privileges that allow access only by the owner, which is the appropriate security measure.
You can also use the NODEFDAC environment variable to control access. When set to yes, NODEFDAC does not allow default table privileges (Select, Insert, Update, and Delete) to be granted to PUBLIC when a new table is created in a database that is not ANSI-compliant. For details, see the IBM Informix: Guide to SQL Reference.
Home | [ Top of Page | Previous Page | Next Page | Contents | Index ]