Subject | Re: [IB-Architect] Nailing down the external file problem. |
---|---|
Author | Paul Reeves |
Post date | 2000-12-20T18:26:07Z |
"Leyne, Sean" wrote:
> Paul,
>
> While agreeing that external files can pose a security threat...
>
> Isn't the issue external files security something that needs to be
> controlled on a db to db basis?
>
I don't think so, because we are looking at a server process and it is the owner
of the server that has the permission to read and write to the file-system. That
is where the security issue lies.
I agree that moving a database from one system to another could become more
difficult as a result of this proposal. But moving databases with external files
is already difficult. Have you ever tried restoring a database where the path to
the external files doesn't exist?
Overall this issue may be better dealt with by establishing a
non-root/administrator user as default owner. But even then there is always the
problem that the new owner will have permissions to read or read/write to
sensitive areas. Better to lock down external file access in a simple and
consistent fashion and let users find another gun to shoot themselves in the
foot with.
Paul
--
Paul Reeves
http://www.ibphoenix.com
taking InterBase further