Subject Re: [Firebird-Architect] Create of RDB$USERS
Author Dmitry Yemanov
"Alex Peshkov" <pes@...> wrote:
>
> Leaving rdb$user_name varchar(128) is a security risk. What happens in
> case when VeryVeryVeryVeryVeryVeryLongUserName is granted some
> rights, and after it VeryVeryVeryVeryVeryVeryLongUserName2 is added?
> Suppose it will have all these rights. That's not OK.

I don't see any practical security risk as it's currently impossible to
define a user whose name is longer than 31 characters.
GSEC throws the error "invalid user name (maximum 31 bytes allowed)" in this
case.

> I suggest to restrict it to 31.

My motivation differs from yours, but I see no backward compatibility issues
now. Am I missing something?


Dmitry