There is an grave security bug in firebird package 2.0 from debian and ubuntu where an user can connect to the server with SYSDBA and NO password The bug is now fixed in debian sid (unstable) http://packages.debian.org/sid/firebird2.0-super and here is the changelog firebird2.0-super.init: stop exporting ISC_USER and ISC_PASSWORD. Fixes a hole causing remote connections as user SYSDBA to succeed without giving a [...]