Subject Re: RES: [ib-support] Where I find a really good security specific IB/FB group?
Author Edwin Pratomo
Rafael Thomazi Bratti wrote:
> OK, we can develop a third-tier application, and deny
> the 3050 port for every machine and grant access only to
> the mid-tier Application, but if we could trust the
> security of Firebird none of this is necessary.

If you're using Firebird on Linux, you don't need to develop such
things, just use ipchains/iptables to allow access to port 3050 on the
machine only from trusted hosts.
In an article on ibphoenix I read about /etc/gds_hosts.equiv to do a
similar task, but it didn't work when I tried it.

> In the actual form, Firebird can be a target of brute-force
> attacks. I read some article to improve ISC4.GDB to block this,
> but don't you think it should be standard?

We should also worry about a kind of DoS attack which simply opens
excessive socket connections (and does nothing) until the server hits the max
number of sockets. That's why restricting access and accepting
connections only from trusted hosts is necessary in several cases, a web
hosting environment as an example.

> Any comments??
> Rafael!
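
The trusted-hosts restriction on port 3050 suggested in the reply above, as an added example that is not part of the original message. The per-source connection cap (the iptables `connlimit` match) is an addition here aimed at the idle-socket exhaustion the reply mentions; the function name `fb_rules`, the limit of 20 and the addresses are assumptions (constructed documentation-range values), and the script only prints the rules for review.

```shell
#!/bin/sh
# Added example: print (not apply) iptables rules restricting Firebird's port.
# Addresses used below are constructed documentation-range values.

FB_PORT=3050   # Firebird port named in the thread

# fb_rules MAX_CONN HOST...
# Emits one iptables command per line; review, then pipe to `sh` as root.
fb_rules() {
    max_conn=$1
    shift
    case $max_conn in
        ''|*[!0-9]*) echo "max_conn must be a number" >&2; return 1 ;;
    esac
    [ "$#" -gt 0 ] || { echo "no trusted hosts given" >&2; return 1; }

    # Check every argument is IPv4-shaped (optionally CIDR) before emitting
    # anything, so a typo cannot produce a partial or malformed rule set.
    for host in "$@"; do
        printf '%s\n' "$host" |
            grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' ||
            { echo "not an IPv4 address or CIDR: $host" >&2; return 1; }
    done

    for host in "$@"; do
        # Cap concurrent connections per trusted source, so one client
        # cannot hold every server socket open.
        echo "iptables -A INPUT -p tcp --syn --dport $FB_PORT -s $host" \
             "-m connlimit --connlimit-above $max_conn -j REJECT --reject-with tcp-reset"
        echo "iptables -A INPUT -p tcp --dport $FB_PORT -s $host -j ACCEPT"
    done
    # Traffic from any other source never reaches the Firebird listener.
    echo "iptables -A INPUT -p tcp --dport $FB_PORT -j DROP"
}

fb_rules 20 192.0.2.10 198.51.100.0/24
```

Rule order matters: the final DROP must come after every ACCEPT, which is why the function appends it last.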