Subject Re: [IBDI] Internet
Author Peter Morris
> If you don't register them or even if you register them, it doesn't mean
> can log into them.

If you register the database, you can log in. You just can't select data.

> What do you consider most valuable, your data or your metadata? The hacker
> will know I have a table CUSTOMER with 8 fields... and SO WHAT?

It is copyrighted information. Not only can they see my meta-data but they
can also see the source code to my triggers etc.

Apart from this, they CAN ruin data by causing me to miss important number
sequences (such as purchase order number, or invoice number) by simply

select GEN_ID(GEN_TEST,1) from RDB$Database

Even though sysdba created the generator, someone never given permission to
anything can go in and happily waste generator numbers, tell me that isn't a
problem !! :-)

> This is a problem when you allow people from outside to connect to your db
> directly. Even the person using the most secure RDBMS would have doubts
> about doing such thing.

Only people with accounts themselves, through a shell or something. The DB
could be behind a firewall where only the local machine can open the IB
port, but you still need to protect against other customers of the host.