| Subject | Re: [Firebird-Architect] External Engines Implementation Details |
|---|---|
| Author | Alex Peshkov |
| Post date | 2008-01-13T15:29:31Z |
On Saturday 29 December 2007 16:37, Adriano dos Santos Fernandes wrote:
Yes, such connection will be allowed. It may be connected with a name of OS
user, running such plugin. If one wants to effectively disable effects of
such login, he should not grant that user any rights. Exactly like in any
other case when trusted authentication is enabled.
> Alex Peshkov wrote:Sorry, I was thinking about internal trusted here.
> >> Let me explain my doubts... If trusted auth. is enabled in a server,
> >> attachments from *this* server may not need password and may be SYSDBA,
> >> correct?
> >>
> >>
> >>
> >> And the same question for C plugin that tries to connect to localhost
> >> via fbclient.
> >
> > Let me begin with this question which is very simple. No problems with
> > such connections. They pass through remote layer, which strips all
> > internal (like you have correctly called them) tags from DPB. Therefore -
> > no, it can't.
>
> But this type of connection go to normal (not know to server) fbclient.
> Therefore, isn't this connection from a normal trusted client and
> trusted auth will be allowed?
Yes, such connection will be allowed. It may be connected with a name of OS
user, running such plugin. If one wants to effectively disable effects of
such login, he should not grant that user any rights. Exactly like in any
other case when trusted authentication is enabled.