Subject Re: [Firebird-Architect] Create of RDB$USERS
Author Jim Starkey
Alex Peshkov wrote:

>Well, let's leave them 128.

For the record, I didn't change the length. The Firebird 1.5 USERS
table also has a USER_NAME length of 128. Why people have a bug up
their ass about the user name length in a database table is an utter
mystery to me.

>Related question - there is a real security bug, which comes from
>UserName length. In order to create security class from user name,
>"SQL$" prefix is added to it. That's why effective length of user name
>is not 31, but 27. All checks are done for 31, not 27. Therefore 2
>users, whose names differ in last 4 bytes, will have same security class
>and share access rights to databases.
>What should we do with it?

Why is it creating a security class name from the user name?


Jim Starkey
Netfrastructure, Inc.
978 526-1376
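
The collision described in the quoted message, as an added example that is not part of the original thread and is not Firebird's code: a "SQL$" prefix and a 31-byte name field leave 27 bytes for the user name, so a derivation that silently truncates maps distinct 31-byte names to one class. The function names, the truncation model and the sample user names are assumptions constructed for illustration; the checked variant enforces the 27-byte limit instead.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 31                      /* name field width given in the message */
#define PREFIX "SQL$"                    /* prefix given in the message */
#define MAX_USER_LEN ((size_t)NAME_LEN - (sizeof(PREFIX) - 1))   /* 31 - 4 = 27 */

/* Hypothetical model of the flaw: prefix + user name, silently cut to NAME_LEN. */
static void class_name_truncating(const char *user, char out[NAME_LEN + 1])
{
    snprintf(out, NAME_LEN + 1, "%s%s", PREFIX, user);
}

/* Checked variant: reject any user name that cannot fit after the prefix.
 * Returns 0 on success, -1 if the name is empty or longer than 27 bytes. */
static int class_name_checked(const char *user, char out[NAME_LEN + 1])
{
    size_t n = strlen(user);
    out[0] = '\0';
    if (n == 0 || n > MAX_USER_LEN)
        return -1;
    snprintf(out, NAME_LEN + 1, "%s%s", PREFIX, user);
    return 0;
}

/* Returns 1 when two different user names yield the same truncated class name. */
static int classes_collide(const char *a, const char *b)
{
    char ca[NAME_LEN + 1], cb[NAME_LEN + 1];
    class_name_truncating(a, ca);
    class_name_truncating(b, cb);
    return strcmp(a, b) != 0 && strcmp(ca, cb) == 0;
}

int main(void)
{
    /* Constructed sample names: 31 bytes each, differing only in the last 4. */
    const char *u1 = "ACCOUNTING_DEPARTMENT_USER_0001";
    const char *u2 = "ACCOUNTING_DEPARTMENT_USER_0002";
    char cls[NAME_LEN + 1];

    class_name_truncating(u1, cls);
    printf("truncated class for both: %s\n", cls);
    printf("collision: %d\n", classes_collide(u1, u2));
    printf("checked derivation accepts u1: %s\n",
           class_name_checked(u1, cls) == 0 ? "yes" : "no (rejected)");
    return 0;
}
```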