Subject | Re: IB security <> FB security |
---|---|
Author | garyrhaywood |
Post date | 2002-03-08T20:45:31Z |
I just did a post and it hasn't turned up !!! I am not going to
rewrite everything again! Here is some of it.

I agree we need a quick solution to a hole now and a security revamp
in Firebird 2. Because the current model though not the best is
workable except for this hole.

The quick solution I propose - Enable external file access with a
flag file in the directory where the external files are. This file
would contain a list of users who have access rights (or an "All
Users" line). Otherwise everything else remains the same. The update
would only require the current external file directories to have a
flag file added to them.

Inhibiting the external file access should be a quick, easy change -
(who knows maybe it will work so well it will continue in Firebird 2!)

Gary

PS I wonder if this post will turn up.

--- In ib-support@y..., "Martijn Tonies" <m.tonies@u...> wrote:
> > > Also, I think there should be privileges on who can create/drop an
> > > external file. I can see the administrator and the owner of the database
> > > having those privileges and can assign them to other users.
> > >
> > > Gary, I don't dismiss your proposal, this is a brainstorm to find a
> > > solution.
> > >
> >
> > I see that there is a security problem that has to be resolved not
> > extra functionality required. The only security problem is the
> > Administrative rights of Interbase server can be passed on to an
> > unauthorised OS user.
> >
> > I am not clear why you wish to invoke extra functionality - maybe
> > give an example.
>
> Because there's more to the security problem than just this.
>
> InterBase/Firebird security isn't the best - you saw that yourself.
> Anyone who has access to a database can create databases,
> tables, external tables etc - this is a problem. And it's not easy to
> resolve it quickly.
>
> Perhaps we should think about a more complicated security model
> for Firebird 2 instead of creating ad-hoc solutions for the current
> problem (which is just one of many security related problems).
>
>
> Just my 2Euro cents...
>
> Martijn Tonies
> InterBase Workbench - the developer tool for InterBase and Firebird
> http://www.interbaseworkbench.com
>
> Upscene Productions
> http://www.upscene.com
>
> "This is an object-oriented system.
> If we change anything, the users object."
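
One way the flag-file check proposed in this post could be implemented, as an added example that is not part of the original post and is not Firebird code. The flag file name, the `#` comment syntax and case-insensitive user matching are assumptions.

```python
import os
import tempfile

FLAG_NAME = "external_access.flag"  # hypothetical name; the post does not name the file


def load_allowed(flag_path):
    """Parse a flag file into (allow_all, set of upper-cased user names)."""
    allow_all, users = False, set()
    with open(flag_path, encoding="utf-8") as fh:
        for raw in fh:
            line = raw.strip()
            if not line or line.startswith("#"):  # assumed comment syntax
                continue
            if line.upper() == "ALL USERS":
                allow_all = True
            else:
                users.add(line.upper())
    return allow_all, users


def may_use_external_file(user, requested_path):
    """Deny unless the file's real directory holds a flag file listing the user."""
    real = os.path.realpath(requested_path)  # resolve symlinks and ".." before deciding
    if os.path.basename(real) == FLAG_NAME:
        return False  # the flag file itself must never be opened as a table
    flag = os.path.join(os.path.dirname(real), FLAG_NAME)
    if not os.path.isfile(flag):
        return False  # no flag file: external access is off for this directory
    allow_all, users = load_allowed(flag)
    return allow_all or user.strip().upper() in users


def demo():
    """Constructed layout: 'ext' carries a flag file, 'other' does not."""
    with tempfile.TemporaryDirectory() as root:
        ext, other = os.path.join(root, "ext"), os.path.join(root, "other")
        os.mkdir(ext)
        os.mkdir(other)
        with open(os.path.join(ext, FLAG_NAME), "w", encoding="utf-8") as fh:
            fh.write("# constructed sample\nGARY\n")
        check = may_use_external_file
        return {
            "listed": check("gary", os.path.join(ext, "log.dat")),
            "unlisted": check("MARTIJN", os.path.join(ext, "log.dat")),
            "no_flag": check("GARY", os.path.join(other, "notes.txt")),
            "dotdot": check("GARY", os.path.join(ext, "..", "other", "notes.txt")),
            "flag_itself": check("GARY", os.path.join(ext, FLAG_NAME)),
        }
```

The decision is made on the resolved directory, so a path that starts inside an enabled directory and climbs out with `..` is judged by where it actually ends up.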