| Subject | RE: [IB-Architect] Re: Is it _really_ necessary to expose the location of the database file? |
|---|---|
| Author | Claudio Valderrama C. |
| Post date | 2000-08-09T03:54:13Z |
> -----Original Message-----The only missing piece is that you cannot protect the directories from the
> From: Mike Nordell [mailto:tamlin@...]
> Sent: Martes 8 de Agosto de 2000 21:36
>
> Bill Karwin wrote:
> > Where to record the alias definitions:
> [...]
> > 2) ibconfig.
> [...]
> > Disadvantages:
> > - Write security is problematic.
> > - Read security is impossible.
>
> I've got to be missing something, but AFAIK both NT and all current unices
> allows setting of file permissions.
>
> /Mike
server itself and anyone can create an external table currently. I can read
almost any file in the server machine by mapping it to an IB's external
table. At least in NT, it runs by default on System and you can change it to
run on any administrative account and restrict access to that account, by
being an administrative account is per se a problem. Someone should try to
start IB as a service under a non-privileged account, but without using the
guardian.
C.