Subject | Path on win NT 4.0 => INTERBASE SECURITY HOLE |
---|---|
Author | Doug Chamberlin |
Post date | 2000-05-31T12:36:39Z |
At 5/31/00 08:29 AM (Wednesday), Fabrice Vendé - INFOCOB wrote:
You don't even need to be an Interbase administrator or an NT
administrator. Anyone who can use Interbase can create a database on the
server. That means anyone who is an Interbase user can fill up any local
hard drive of the server machine completely (unless the disks are specially
protected through access control lists or some such). For many sites this
means the users can effectively take down the server by running it out of
free disk space.
>Isn't it a security hole ?Yes, it is a known security hole.
>On my interbase client I can create a database on the NT server with :
>severname:c:\test.dll
You don't even need to be an Interbase administrator or an NT
administrator. Anyone who can use Interbase can create a database on the
server. That means anyone who is an Interbase user can fill up any local
hard drive of the server machine completely (unless the disks are specially
protected through access control lists or some such). For many sites this
means the users can effectively take down the server by running it out of
free disk space.