Subject Re: [ib-support] Where I find a really good security specific IB/FB group?
Author Scott Taylor
At 03:45 AM 12/07/2002, you wrote:
>Hi all!
>
>Does anybody knows where can I find a security specific IB/FB group?
>I'm now going to be responsible for a server on net, so I must be up
>to date with the security issues..

I've been looking for FB/IB issues for over a year and only thing I can
ever come up with is a backdoor that was in Interbase prior to
Firebird. So make sure you have the latest version.

I have not seen and FB/IB security groups, not to say one doesn't exist.

The worse security issues, that I can see, is plain text passwords that get
sent over the net to port 3050, and that Firebird runs as root, by default.

Firebird Super Server comes with a script that will add the user "firebird"
and set all the permissions to the new user. Very advisable to do, though
I don't know if it works the same on NT, then again, (some might disagree)
I would never use NT for something I wanted secure either. ;)

Hans pointed out this kewl project:
http://sourceforge.net/projects/zebedee/
which will allow you to create a secure tunnel between client and server by
encrypting and compressing your data stream. The compression is gravy as
it'll just speed up the flow.

That's about all I can offer, right now, other than a link to
http://ibphoenix.com/ and http://firebird.sourceforge.net/

Don't be afraid to ask your security questions here though, even if they
all just seem like a bunch of code warriors. ;)

Good luck.

Scott.