Subject | Re: [firebird-support] Re: Is Firebird too weak for a business environment? |
---|---|
Author | chee hee |
Post date | 2003-12-01T02:21:45Z |
Hi All,
For FB Embed, all it needs is user_id to login. Password is ignored, this makes FB embed even more un-secure.
cm
michael welsch <m.welsch@...> wrote:
Hi Martijn,
we met at the firebird conference in Fulda, I was the one who won a
licence for DB Workbench, thanks a lot it is helping very much to
get into it. Unthinkable to work without it!
You said that unless you don't have the SYSDBA password you can't
have access to the data. But what about copying the database file to
another machine, connecting as any database user in DB Workbench and
do "Exract DDL" including grants? Then you can see the name of the
authorized user in that database. You then can create such a user on
the machine and - there you go!
Is that scenario I described possible?
With regards
Michael
--- In firebird-support@yahoogroups.com, "Martijn Tonies"
<m.tonies@u...> wrote:
To unsubscribe from this group, send an email to:
firebird-support-unsubscribe@yahoogroups.com
Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.
---------------------------------
Download Yahoo! Messenger now for a chance to WIN Robbie Williams "Live At Knebworth DVD"
[Non-text portions of this message have been removed]
For FB Embed, all it needs is user_id to login. Password is ignored, this makes FB embed even more un-secure.
cm
michael welsch <m.welsch@...> wrote:
Hi Martijn,
we met at the firebird conference in Fulda, I was the one who won a
licence for DB Workbench, thanks a lot it is helping very much to
get into it. Unthinkable to work without it!
You said that unless you don't have the SYSDBA password you can't
have access to the data. But what about copying the database file to
another machine, connecting as any database user in DB Workbench and
do "Exract DDL" including grants? Then you can see the name of the
authorized user in that database. You then can create such a user on
the machine and - there you go!
Is that scenario I described possible?
With regards
Michael
--- In firebird-support@yahoogroups.com, "Martijn Tonies"
<m.tonies@u...> wrote:
>product and
>
>
> > Sorry Martijn,
>
> Ah, no need - I wrote a ":-)" behind it... Just joking around.
>
> > > Hey hey hey, Database Workbench is a feature, not a bug :-)
> >
> > Hey don't get me wrong, I am a register user of this very fine
> > use it all day long, every day and it is an indispensable toolin my
> > development process. Keep up the great work you are doing onthis
> product.model,
> > If the Firebird development team does come up a better security
> thentools to
> > this will protect us developers from someone using one of these
> > view our schemas or data without the proper permission to do do.password
>
> I know what you mean - pretty much any user can now view schemata -
> however, the data itself is secure, unless you know the SYSDBA
> or if you have granted rights to the PUBLIC user.SQL Server.
>
>
> With regards,
>
> Martijn Tonies
> Database Workbench - developer tool for InterBase, Firebird & MS
> Upscene ProductionsYahoo! Groups SponsorADVERTISEMENT
> http://www.upscene.com
To unsubscribe from this group, send an email to:
firebird-support-unsubscribe@yahoogroups.com
Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.
---------------------------------
Download Yahoo! Messenger now for a chance to WIN Robbie Williams "Live At Knebworth DVD"
[Non-text portions of this message have been removed]