----- Original Message -----
From: "Ann Harrison" <aharrison@...>
To: <firebird-support@yahoogroups.com>
Sent: Wednesday, January 07, 2004 6:17 AM
Subject: Re: [firebird-support] Database Security
> Version 2 will (I expect) have pluggable security - the current
> mechanism and a variety of alternates. 1.5 is too close to release to
> take on this problem
>
> Regards
>
> Ann
Well,
Why not just add new option to firebird.conf
# ----------------------------
# In place security enhancement,when used only MD5 digest of password is
stored in security database.
#Warning: could cause compatibility problems ! Default (Off) is recommended.
# Type: boolean
#
#MD5Password=0
MD5Password = 0 [0/1]
server can use MD5 to compute digest from password and store it (or eight
signs if this is the limit) in security database.Checking password would
also be a straightforward solution.
Besides there is a couple of security holes in FB 1.5 RC8 as Adriano dos
Santos Fernandes describes in his email sent to devel list.