Subject RE: [IBDI] Internet
Author Claudio Valderrama C.
> -----Original Message-----
> From: Peter Morris [mailto:pmorris@...]
> Sent: Martes 5 de Junio de 2001 12:34
> I think both DBs are incorrect, MS SQL should not show the other databases
> unless you register them,

If you don't register them or even if you register them, it doesn't mean you
can log into them.

> but IB has the worst case where meta-data
> (copyrighted information) is extractable without any access
> permission,

What do you consider most valuable, your data or your metadata? The hacker
will know I have a table CUSTOMER with 8 fields... and SO WHAT?

> and
> the database may have new tables added !

This is major and known design flaw. In general, metadata operations aren't

> I am sure anyone in the slightest bit concerned (paranoid ?) about their
> database security will agree with me that relying on the hacker not to
> "guess" where a database is is a bad idea. Unix permissions do not come
> into this as it may be a windows machine.

This is a problem when you allow people from outside to connect to your db
directly. Even the person using the most secure RDBMS would have doubts
about doing such thing.