| Subject | RE: [ib-support] IB security |
|---|---|
| Author | Rado Benc |
| Post date | 2001-08-01T13:03:45Z |
Hi,
UPDATE RDB$PROCEDURES
SET RDB$PROCEDURE_SOURCE = NULL;
Commit and see what happens. (Make sure you have the sources backed up prior
doing that - it is not that easy to get the sources from BLR :-) ).
restore, the procedure sources would not be re-created - as expected.
The only solution I know of is to avoid physical access to both databases
and
backups for "unauthorized" persons.
HTH,
Rado
> I feel security is a weak point in IB/FB armor (correct me if amIMHO, yes.
> wrong).
> - Does IB/FB metadata (especially stored procedures code) have to beYou can remove the sources from the database:
> available to anyone who has access to the database? What if the database
> developer does not want the source code to be available?
UPDATE RDB$PROCEDURES
SET RDB$PROCEDURE_SOURCE = NULL;
Commit and see what happens. (Make sure you have the sources backed up prior
doing that - it is not that easy to get the sources from BLR :-) ).
> - The database data and metadata can be viewed by anybody having a backupYes. However, if you remove procedure sources and then perform a backup and
> copy of the database if that person has administrator rights on any IB/FB
> server.
restore, the procedure sources would not be re-created - as expected.
The only solution I know of is to avoid physical access to both databases
and
backups for "unauthorized" persons.
> - The password is 32 characters long, but only the first 8 are significantYes. I believe that IB / FB development would address this problem soon.
> (though it is case sensitive).
> - I am not sure about this point: can anybody who has physicaladministrator
> access to the gdb file copy it to another computer where he has
> rights and log into the database?Yes. As I wrote above - avoid it.
> Finally, what are the bugs plaguing stored procedures in IB/FB,As far as I know, both IB and FB are under "serious" development.
> and is there a fix soon?
HTH,
Rado