| Subject | Re: [IB-Architect] Fw: Mischievous SYSDBA |
|---|---|
| Author | Paul Beach |
| Post date | 2000-05-22T13:21:13Z |
Steve,
Please feel free to do so, the current thinking, is that it is a problem,
the current solution, not known at this time.
Regards
Paul
Please feel free to do so, the current thinking, is that it is a problem,
the current solution, not known at this time.
Regards
Paul
> I'm forwarding the following to IB Architects...took
>
> What is the current thinking WRT this problem?
>
> -ST
>
>
>
>
> ----- Original Message -----
> From: Dmitry Garin
> To: steve@...
> Sent: Monday, May 22, 2000 10:29 AM
> Subject: Mischievous SYSDBA
>
>
> Hello Steve.
>
> I don't know if you're still interested but here's some thinking on SYSDBA
> role soultion
>
> 1. Here's an e-mail that I received but I haven't tried it myself:
>
> If you mean that SYSDBA -role solution, I think it is not an answer. It
> only 5 minutes from a newbie like me to open that "protection".already,
>
> When you (customer or competitor of my software) just change the isc4.gdb
> and try to login with SYSDBA to database where we have SYSDBA role
> the IBConsole tells you that there is a role named SYSDBA. Now you justopen
> the db file with some hex-editor, find word SYSDBA, change one letter e.g.which
> to SYTDBA, save file and connect with SYSDBA, and now you have all
> information available again.
>
> Did I miss something, or is it really this easy? Is there a way to encrypt
> the whole gdb file?
>
> -Peter-
>
> 2. Here's another way:
> Now when SYSDBA is off the track what you need to know is the username
> is now your password. So if you copy a database that you need to hack tothe
> new IB server with fresh ISC4.GDB and create any user, then connect tothat
> database under that user - you'll be able to find out the owner of thethat
> database, then create the user =owner and connect to the database under
> user. That's it - you're in.
>
> Besides all this here's something for you. Wouldn't it be easier just to
> encrypt the database. That's the question I asked in the very beginning of
> IB 6 field test and Bill Karwin replied that IB is not planning to improve
> security side and kindly forwarded me to read FAQs on MERS site.
>
> Yours
> Dmitry Garin
>
>
> ------------------------------------------------------------------------
> Failed tests, classes skipped, forgotten locker combinations.
> Remember the good 'ol days
> http://click.egroups.com/1/4053/4/_/830676/_/958984724/
> ------------------------------------------------------------------------
>
> To unsubscribe from this group, send an email to:
> IB-Architect-unsubscribe@onelist.com
>
>
>
>