| Subject | Re: [IBDI] Is this true? Can steal GDB file image using an external table. |
|---|---|
| Author | Dalton Calford |
| Post date | 2002-06-12T11:01:17Z |
Ok,
Lets build in automatic security routines into every tool we have, whether or
not the design calls for it. Since the routines will be generic, other tools
will be designed just as quickly to get around the standard security design.
Therefore the only true security will be the applications where the designers
actually put some thought into security instead of relying upon the generic
tools.
So, you can slow down your current applications by implementing a security
model that at best is generic (a one size fits all), or you can develop a
security model that is perfect for your application without the extra
overhead.
Security is a very special subject, and far beyond the scope of this
newsgroup.
The only change I want to the current security model is extra triggers
(working on it) and the isc4.gdb functionality rolled into the user databases
(also looking at it).
You can limit users from any metadata changes with some simple triggers on all
the system tables (Before insert - if CURRENT_USER <> in select from allowed
users table, then raise exception - same with before update or delete....)
best regards
Dalton
Lets build in automatic security routines into every tool we have, whether or
not the design calls for it. Since the routines will be generic, other tools
will be designed just as quickly to get around the standard security design.
Therefore the only true security will be the applications where the designers
actually put some thought into security instead of relying upon the generic
tools.
So, you can slow down your current applications by implementing a security
model that at best is generic (a one size fits all), or you can develop a
security model that is perfect for your application without the extra
overhead.
Security is a very special subject, and far beyond the scope of this
newsgroup.
The only change I want to the current security model is extra triggers
(working on it) and the isc4.gdb functionality rolled into the user databases
(also looking at it).
You can limit users from any metadata changes with some simple triggers on all
the system tables (Before insert - if CURRENT_USER <> in select from allowed
users table, then raise exception - same with before update or delete....)
best regards
Dalton
On Tuesday 11 June 2002 9:29 pm, Gerhardus Geldenhuis wrote:
> Hi
> Should FB not be configured by default to not allow metadate changes for
> users except for sysdba? This way you start out secure and only if the
> sysdba explicitly give you metadata access will you be able to change it.
>
> Groete
> Gerhardus
>
> > The security hole is a database that would allow a user to modify
> > metadata
> > without authorization - bad database design and out of the realm of the
> > engine designers.
> >
> > Best regards
> >
> > Dalton
>
> Community email addresses:
> Post message: IBDI@yahoogroups.com
> Subscribe: IBDI-subscribe@yahoogroups.com
> Unsubscribe: IBDI-unsubscribe@yahoogroups.com
> List owner: IBDI-owner@yahoogroups.com
>
> Shortcut URL to this page:
> http://www.yahoogroups.com/community/IBDI
>
> Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/