| Subject | RE: [firebird-support] Customising Security database |
|---|---|
| Author | Alan McDonald |
| Post date | 2004-12-14T06:14:28Z |
> > > At 12/13/2004 07:17 PM (Monday), Alan McDonald wrote:The server installer allows for the server to be placed in other than a
> > > >So how does a hacker or even someone who has genuine reason
> to know, find
> > > >the path to the security database without asking that the
> > > sofware installer
> > > >find the path and register it with the application?
>
> Gosh, you don't need an API call to find out where the security database
> is. It can't be anywhere other than where it always is, in the server's
> root directory. Not only is it widely and public documented,
> it's obvious
> to anyone who installs the server. So expecting to secure the security
> database by obscuring its location is a non-issue.
>
default directory.
And different OSs need it in a myriad of places.
So it can be in many different places from the point of view of the client
application.
NOW - this makes absolutely no difference when you think of just connecting
to a database with a username and password. But when you wish to allow users
the ablity to edit their own password and (most importantly) a SYSDBA to log
on to your application, see a list of all users, edit/reset their passwords,
delete users and also conveniently edit his/her own password... then you
need the path to the security database.
Alan