Subject RE: [firebird-support] Varchar fields vs text blobs
Author Ann W. Harrison
At 02:54 PM 11/1/2004, Alan McDonald wrote:

> > "Yes, if you have the ID of the blob, you can read it without
> > going through the table-based security. But the only way to
> > get the blob ID is to read the record that contains it, which
> > is, of course, subject to table-based security. The ID is
> > system generated."

> > Per definition the data is not secure. I do not know the complexity of the
> > ID, but in a large database with many blobs I guess it would be possible to
> > get some of the blobs by simple "brute force".
>
>You'd still have to have access to the database (as well as table access).

No, unfortunately, you don't need table access. You need a
database user id and password, or equivalent, but then you
can just probe with random values that might be blob ids.

>If you have the physical file, then all bets are off anyway.

There's no need for physical file access.

Regards,


Ann