Subject Re: [IB-Architect] Journaling support?
Author Jason Wharton
The issues you have raised have prevented me from deploying an application over the internet that I was planning to rollout. There are some other security holes that I would like to see closed off too. Is all someone needs to exploit them is a valid username and password. Not just the SYSDBA... It is impossible to deploy an InterBase client application without making a valid username and password easily accessible to anyone who wants it. Right now multi-tier or HTML-based is the only way to safely rollout an application for general usage.
For example, not only by creating a database can they fill up the disk space they are also the owner of the database which gives them full rights to do with it whatever they want. For example, they can declare an external file in such a way that they can insert records into it to place a file on your server which could be a UDF DLL. Then, they could totally compromise the security of the whole machine by having their own system of transporting executable code to the server and a vehicle to pull information back from the server.
Previously it was possible to declare a UDF for existing vanilla DLL's and I am to understand that this has been resolved in 6.0(probably by looking for a specific signature unique to a IB UDF DLL) but the door is still open to write and upload (via external table) your own compliant DLL and through it bridge to any other DLLs of interest.
This is definitely when the system administrator would take the InterBase DBA outside and around the corner for some "talking" to...
Jason Wharton
InterBase Developer Initiative
InterBase will be the database of the new millennium.