| Subject | Re: [IB-Architect] Journaling support? |
|---|---|
| Author | Jason Wharton |
| Post date | 2000-03-24T17:28:17Z |
Doug,
The issues you have raised have prevented me from deploying an
application over the internet that I was planning to rollout. There are some
other security holes that I would like to see closed off too. Is all someone
needs to exploit them is a valid username and password. Not just the SYSDBA...
It is impossible to deploy an InterBase client application without making a
valid username and password easily accessible to anyone who wants it. Right now
multi-tier or HTML-based is the only way to safely rollout an application for
general usage.
For example, not only by creating a database can
they fill up the disk space they are also the owner of the database which gives
them full rights to do with it whatever they want. For example, they can declare
an external file in such a way that they can insert records into it to place a
file on your server which could be a UDF DLL. Then, they could totally
compromise the security of the whole machine by having their own system of
transporting executable code to the server and a vehicle to pull information
back from the server.
Previously it was possible to declare a UDF for
existing vanilla DLL's and I am to understand that this has been resolved in
6.0(probably by looking for a specific signature unique to a IB UDF DLL) but the
door is still open to write and upload (via external table) your own compliant
DLL and through it bridge to any other DLLs of interest.
This is definitely when the system administrator
would take the InterBase DBA outside and around the corner for some
"talking" to...
InterBase will be the database of the new
millennium.