Subject RE: [firebird-support] Varchar fields vs text blobs
Author Ann W. Harrison
At 02:54 PM 11/1/2004, Alan McDonald wrote:

> > "Yes, if you have the ID of the blob, you can read it without
> > going through the table-based security. But the only way to
> > get the blob ID is to read the record that contains it, which
> > is, of course, subject to table-based security. The ID is
> > system generated."

> > Pr. definition the data is not secure. I do not know the complexity of the
> > ID, but in a large database with many blobs i guess it would possible to
> > get some of the blobs by simple "brute force"
>You'd still have to have access to the database (as well as table access).

No, unfortunately, you don't need table access. You need a
database user id and password, or equivalent, but then you
can just probe with random values that might be blob ids.

>If you have the physical file, then all bets are off anyway.

There's no need for physical file access.