Every Database comes with one default user, which is created when the database is installed for the first time. As per the Firebird is concerned, It also comes with a default user having Username as sysdba and Password as masterkey which every user using the firebird knows very well. This account has all the privileges on the server and cannot be deleted. Now there comes a security problem, if our database is accessed through internet any user using the default Username and password can log into the database and can easily access the Database.
The solution for this is to change the password of the master user, so that only limited (trusted) administrators should know this in order to administer the database. Never access the database using master account, create normal users to create and manage the database and use that account to access the database so that, Only that user owns the database. No other users from the user list of the database are allowed to access the database unless any grants are given to those users. The user who creates a database gets all the grants by default because he/she is the owner of the database.
firebird does not have any builtin security feature. So it the programmer, who has to keep this is mind of how to secure their data.
Note : Never access the Database with default Username and password.
