| Subject | Re: [Firebird-Architect] Create of RDB$USERS |
|---|---|
| Author | Jim Starkey |
| Post date | 2005-10-19T15:28:19Z |
Alex Peshkov wrote:
table also has a USER_NAME length of 128. Why people have a bug up
their ass about the user name length in a database table is an utter
mystery to me.
--
Jim Starkey
Netfrastructure, Inc.
978 526-1376
>>For the record, I didn't change the length. The Firebird 1.5 USERS
>>
>
>Well, let's leave them 128.
>
>
table also has a USER_NAME length of 128. Why people have a bug up
their ass about the user name length in a database table is an utter
mystery to me.
>Related question - there is a real security bug, which comes fromWhy is it creating a security class name from the user name?
>UserName length. In order to create security class from user name,
>"SQL$" prefix is added to it. That's why effective length of user name
>is not 31, but 27. All checks are done for 31, not 27. Therefore 2
>users, who's names differ in last 4 bytes, will have same security class
>and share access rights to databases.
>What should we do with it?
>
>
--
Jim Starkey
Netfrastructure, Inc.
978 526-1376