Subject RES: [ib-support] Where I find a really good security specific IB/FB group?
Author Rafael Thomazi Bratti

I'd like to spend my two Real cents here... :)

What about a large office with thin clients, and
a bad-intentioned employee trying to break into the
Database to steal secret information?

Or a School with some children trying to change their
notes or hacking into the payment Database?

OK, we can develop a third-tier application, and deny
the 3050 port for every machine and grant access only to
the mid-tier Application, but if we could trust the
security of Firebird none of this is necessary.

In its current form, Firebird can be the target of brute-force
attacks. I read some article to improve ISC4.GDB to block this,
but don’t you think it should be standard?

Any comments??


-----Original Message-----
From: Paul Schmidt [mailto:paul@...]
Sent: Monday, July 15, 2002 14:55
Subject: Re: [ib-support] Where I find a really good security specific IB/FB group?

On 12 Jul 2002 at 9:38, Scott Taylor wrote:

> At 03:45 AM 12/07/2002, you wrote:
> >Hi all!
> >
> >Does anybody know where I can find a security specific IB/FB group?
> >I'm now going to be responsible for a server on net, so I must be up
> >to date with the security issues..
> I've been looking for FB/IB issues for over a year and only thing I
> can ever come up with is a backdoor that was in Interbase prior to
> Firebird. So make sure you have the latest version.
> I have not seen any FB/IB security groups, not to say one doesn't
> exist.
> The worst security issues, that I can see, are plain text passwords
> that get sent over the net to port 3050, and that Firebird runs as
> root, by default.

I think you don't see many database related security groups because
it's the wrong place to secure data. Security should be a network issue
rather than a database issue. For example, if you have a thin client, say
a web page that allows database access, then you use shttp as the
protocol, so the browser encrypts the page response, it gets sent down
the wire encrypted, and then at the server the web server decrypts the
data, and passes the password in plain text to the database. By the same
token, if you have a fat client you use something like a VPN so that the
tunnel does the encryption/decryption.

> Firebird Super Server comes with a script that will add the user
> "firebird" and set all the permissions to the new user. Very
> advisable to do, though I don't know if it works the same on NT, then
> again, (some might disagree) I would never use NT for something I
> wanted secure either. ;)
> Hans pointed out this kewl project:
> which will allow you to create a secure tunnel between client and
> server by encrypting and compressing your data stream. The
> compression is gravy as it'll just speed up the flow.
> That's about all I can offer, right now, other than a link to
> and
> Don't be afraid to ask your security questions here though, even if
> they all just seem like a bunch of code warriors. ;)
> Good luck.
> Scott.

Paul Schmidt, President
Tricat Technologies
