Subject | Re: [ib-support] HKEY_USERS\S-1-5-21..... |
---|---|
Author | lester@lsces.globalnet.co.uk |
Post date | 2001-02-02T16:02:56Z |
Having been working with networked machines for some considerable time,
I use old methods for a lot of things.
Interbase started in a 'secure' operating system, and some of the
historic functions depend on that. Of course the operating system should
provide the user management, and prevent access from persons who should
not be allowed. Windows is considerably less friendly in this area. The
isc4.gdb database grew out of a need to provide an operating system
independent user management, but it does not quite make it. Roles were
added, but just seem to complicate things.
From a security point of view, SQL code should be directed to the
database one is connecting to, so SQL of SET ALIAS TO xxx needs to be
directed to the security database, and so is a source of possible holes.
If the ALIAS can be changed while not connected to a database, how do
you verify that the user has the right permissions? Apparently simple
requests may not be so simple in practice.
Using your own code to ask a server for information provides a secure
path; we have had enough fun with 'back doors', and how many servers
still have their default SYSDBA password?
--
Lester Caine
-----------------------------
L.S.Caine Electronic Services