Subject RE: [IB-Architect] UDF and null
Author Helen Borrie
At 04:29 AM 02-12-00 -0400, you wrote:

> >
> > Because they're horribly insecure. Yes, there's no doubt
> > that we'd have to retain the mechanism for upward compatibility.
>
> Hmmm, one basic idea is that I trust the administrator of a system.
> Otherwise, all is lost. If the SYSDBA can install a tested UDF, the security
> problem could be lessened.

Perhaps the security problem has more to do with the fact that currently
only the declaration is compiled in the database (compiled? maybe just
"stored"..). So a malevolent person could write a trojan horse ib_udf.dll
or ib_udf.so with bona fide functions replaced by malicious ones with
identical name and parameters, make it available as a bin download and
catch a lot of eager SYSDBAs with their pants down.

That's without even thinking of the oicks who ping server ports every
waking hour...I've been watching them through Black Ice...the same gang of
(presumably unemployed) Russians (or maybe one guy with several similar IP
addresses with the same ISP, or a family of bots) has a fascination with
interrogating our port 3050. How hard is it to build up a list of IB
Servers that also have pop ports and fire a loaded email vbscript out to
support@..., that targets ib_udf.dll and overwrites it?

I hadn't thought about ib_udf.dll as a security hole before but this trojan
doesn't even need a login.

H.


All for Open and Open for All
InterBase Developer Initiative · http://www.interbase2000.org
_______________________________________________________
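The scenario in the message above is that the database only stores the declaration of a UDF, while the library file that actually gets loaded (ib_udf.dll or ib_udf.so) can be swapped for one with the same exported names and signatures. One defensive control a SYSDBA can apply is to pin the digest of each installed UDF library and re-check it on a schedule, so an overwritten or unexpectedly added library is detected. The following is an added example, not code from the thread or from InterBase; the directory layout, the manifest format and the sample file contents are constructed for illustration.

```python
import hashlib
import os
import tempfile


def sha256_file(path: str) -> str:
    """Return the hex SHA-256 digest of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_udf_libraries(udf_dir: str, manifest: dict) -> dict:
    """Compare each pinned UDF library against its known-good digest.

    manifest maps a library filename to the SHA-256 hex digest recorded
    when the SYSDBA installed and tested it (assumed format, not InterBase's).
    Returns filename -> "ok" | "modified" | "missing" | "unexpected".
    """
    results = {}
    for name, expected in manifest.items():
        path = os.path.join(udf_dir, name)
        if not os.path.isfile(path):
            results[name] = "missing"
        elif sha256_file(path) == expected:
            results[name] = "ok"
        else:
            results[name] = "modified"
    # A library on disk that nobody pinned deserves a look as well.
    for name in os.listdir(udf_dir):
        if name not in manifest and name.lower().endswith((".dll", ".so")):
            results[name] = "unexpected"
    return results


def demo() -> dict:
    """Constructed scenario: a pinned library that is later overwritten,
    plus an undeclared library dropped into the same directory."""
    tmp = tempfile.mkdtemp()
    lib = os.path.join(tmp, "ib_udf.so")
    with open(lib, "wb") as f:
        f.write(b"constructed: original library bytes")
    # Digest recorded at install time, after the SYSDBA tested the library.
    manifest = {"ib_udf.so": sha256_file(lib)}
    # Simulate the overwrite described in the thread.
    with open(lib, "wb") as f:
        f.write(b"constructed: replaced library bytes")
    with open(os.path.join(tmp, "extra_udf.so"), "wb") as f:
        f.write(b"constructed: library nobody declared")
    return verify_udf_libraries(tmp, manifest)


if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        print(f"{name}: {status}")
```

The manifest should live somewhere the server's service account cannot write, otherwise an attacker who can replace the library can also update the pinned digest; the check itself is cheap enough to run from a cron job or scheduled task alongside the regular backup.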