Subject Re: [firebird-support] Database Security
Author Boguslaw Brandys
----- Original Message -----
From: "Ann Harrison" <aharrison@...>
To: <>
Sent: Wednesday, January 07, 2004 6:17 AM
Subject: Re: [firebird-support] Database Security

> Version 2 will (I expect) have pluggable security - the current
> mechanism and a variety of alternates. 1.5 is too close to release to
> take on this problem
> Regards
> Ann


Why not just add new option to firebird.conf

# ----------------------------
# In place security enhancement,when used only MD5 digest of password is
stored in security database.
#Warning: could cause compatibility problems ! Default (Off) is recommended.
# Type: boolean

MD5Password = 0 [0/1]

server can use MD5 to compute digest from password and store it (or eight
signs if this is the limit) in security database.Checking password would
also be a straightforward solution.
Besides there is a couple of security holes in FB 1.5 RC8 as Adriano dos
Santos Fernandes describes in his email sent to devel list.