Subject Path on win NT 4.0 => INTERBASE SECURITY HOLE
Author Doug Chamberlin
At 5/31/00 08:29 AM (Wednesday), Fabrice Vendé - INFOCOB wrote:
>Isn't it a security hole ?
>On my interbase client I can create a database on the NT server with :
>severname:c:\test.dll

Yes, it is a known security hole.

You don't even need to be an Interbase administrator or an NT
administrator. Anyone who can use Interbase can create a database on the
server. That means anyone who is an Interbase user can fill up any local
hard drive of the server machine completely (unless the disks are specially
protected through access control lists or some such). For many sites this
means the users can effectively take down the server by running it out of
free disk space.