Subject | Re: [Firebird-Architect] Create of RDB$USERS |
---|---|
Author | Jim Starkey |
Post date | 2005-10-19T14:50:05Z |
Dmitry Yemanov wrote:
>"Alex Peshkov" <pes@...> wrote:
>
>>Leaving rdb$user_name varchar(128) is a security risk. What happens in
>>case when VeryVeryVeryVeryVeryVeryLongUserName is granted some
>>rights, and after it VeryVeryVeryVeryVeryVeryLongUserName2 is added?
>>Suppose it will have all these rights. That's not OK.
>>
>
>I don't see any practical security risk as it's currently impossible to
>define a user whose name is longer than 31 characters.
>GSEC throws the error "invalid user name (maximum 31 bytes allowed)" in this
>case.
>

I don't see any security risk even if the user names were capped at 64K
characters. Is there a serious issue here?
--
Jim Starkey
Netfrastructure, Inc.
978 526-1376