| Subject | Re: [firebird-support] Create SYSDBA power under a different name and then delete SYSDBA |
|---|---|
| Author | Alexandre Benson Smith |
| Post date | 2004-12-16T06:34:41Z |
Charles-Henri Balet wrote:
I have just copied a MSSQL backup file yesterday and today I just
restored it, and have full access too... I don't even know the sa
password defined on that server, and the MSSQL security is integrated
with NT users password.
I have pumped some Oracle databases between my Notebook and my
development server and it restored too.
So, without security to the database or backup files, there is no
security, the DB server could be FB, IB, MSSQL, Oracle, and I think
Sybase and others too.
see you !
--
Alexandre Benson Smith
Development
THOR Software e Comercial Ltda.
Santo Andre - Sao Paulo - Brazil
www.thorsoftware.com.br
>I'm happy to read your message Namit, it's my solution too, only renamehummmm, I don't think so...
>SYSDBA user for multiply by 100 the security of the database
>for 99.99% of users (yes, it's remain software developper that can modify
>the source code of firebird for bypass security, it's easy for
>me too, but 99.99% of users can't make that) but much are able to only copy
>my fdb database to an other firebird server and have access
>to all information without write any code line and don't know software
>!!!!!! I don't want obtain a 100% access free of my database but
>a minimum of security, and now with the actual state of SYSDBA access, we
>can't have any little secure protection, try that make that with
>Oracle or Sybase or MS Server !!!!!! and say me, I work with this database
>too ...
>Peraps the separate security database is a good think, but it's difficult to
>explain to our client that any that can copy the fdb file can access to all
>information of their database, without crack or software modify, only a copy
>on a new server, the question of my client : and the encrypted password
>that we have giving !!!! for nothing unfortunately, and all this only for a
>SYSDBA user definition that we can rename or revoke !
>If I can rename SYSDBA user, I can put "grant" access on all my users and
>99.99 % can't access my database, it's not perfect, but more better I think
>that none security like now !
>
>best regards
>
>balet charles-henri
>
>
I have just copied a MSSQL backup file yesterday and today I just
restored it, and have full access too... I don't even know the sa
password defined on that server, and the MSSQL security is integrated
with NT users password.
I have pumped some Oracle databases between my Notebook and my
development server and it restored too.
So, without security to the database or backup files, there is no
security, the DB server could be FB, IB, MSSQL, Oracle, and I think
Sybase and others too.
see you !
--
Alexandre Benson Smith
Development
THOR Software e Comercial Ltda.
Santo Andre - Sao Paulo - Brazil
www.thorsoftware.com.br