Subject Re: [Firebird-general] MySQL warning users, contemplating changes after worm
Author Helen Borrie
At 03:08 PM 29/01/2005 -0200, you wrote:


>It's time to rethink some things, alas the ability of new
>authenticated users (with no rights) to create database objects. And
>the size of our really working password (which is 8 chars)
>to something wider (such 20 or + chars).

These problems are, of course, addressed in the new security structures for
Firebird 2.

>But someone who let sysdba pass unchanged on
>a production site deserves such an attack.

Certainly. But the MySQL worm manifests itself by infecting UDF code. The
same exploit is available to a badly protected site running a Firebird
database that uses UDFs or, indeed, international languages.

The problem - for both MySQL and Firebird - affects badly protected
sites. In both cases, the protection for external libraries is already
there. But some developers are too stupid or too lazy to implement it---it
is they who allow the exploits to happen.

Both MySQL and Firebird suffer from the same disadvantage: we try to make
it easy for really stupid people. No matter how much security you build
into the system, you won't stop idiot developers from distributing
vulnerable applications. Those are the systems that get targeted by the
virus writers. And, when the exploit happens, the mud sticks to all of us.

Helen