| Subject | Test Program |
|---|---|
| Author | Jim Starkey |
| Post date | 2001-01-10T16:03:01Z |
Sean Leyne has been arguing for a test program to check vulnerability
to back door. He has a very good point, but I am reluctant for
two reasons. First, it's a great template on how to construct
an attack program. Second, given the breadth of platforms and
versions, the logistics are more than I care to face.
But it occurred to me that we could put a test on the firebird
site: enter a node name and an optional database name string it
it says yes, no, or can't tell. The server checks the database
file name before validating the account and password, so we
could check one of:
c:\Program Files\Interbase\isc4.gdb
c:\Program Files\Borland\Interbase\isc4.gdb
/opt/Interbase/isc.gdb
Thoughts?
Jim Starkey
to back door. He has a very good point, but I am reluctant for
two reasons. First, it's a great template on how to construct
an attack program. Second, given the breadth of platforms and
versions, the logistics are more than I care to face.
But it occurred to me that we could put a test on the firebird
site: enter a node name and an optional database name string it
it says yes, no, or can't tell. The server checks the database
file name before validating the account and password, so we
could check one of:
c:\Program Files\Interbase\isc4.gdb
c:\Program Files\Borland\Interbase\isc4.gdb
/opt/Interbase/isc.gdb
Thoughts?
Jim Starkey