| Subject | Re: [firebird-support] Create SYSDBA power under a different name and then delete SYSDBA |
|---|---|
| Author | Charles-Henri Balet |
| Post date | 2004-12-16T05:53:21Z |
Yes right for other databases, but for make a backup of this database you
must know the administator or backup password !
you can't access one of this database without password know, it's not the
same for IB, I copy the DB and I access
thanks
chb
must know the administator or backup password !
you can't access one of this database without password know, it's not the
same for IB, I copy the DB and I access
thanks
chb
----- Original Message -----
From: "Alexandre Benson Smith" <iblist@...>
To: <firebird-support@yahoogroups.com>
Sent: Thursday, December 16, 2004 10:34 AM
Subject: Re: [firebird-support] Create SYSDBA power under a different name
and then delete SYSDBA
>
> Charles-Henri Balet wrote:
>
>>I'm happy to read your message Namit, it's my solution too, only rename
>>SYSDBA user for multiply by 100 the security of the database
>>for 99.99% of users (yes, it's remain software developper that can modify
>>the source code of firebird for bypass security, it's easy for
>>me too, but 99.99% of users can't make that) but much are able to only
>>copy
>>my fdb database to an other firebird server and have access
>>to all information without write any code line and don't know software
>>!!!!!! I don't want obtain a 100% access free of my database but
>>a minimum of security, and now with the actual state of SYSDBA access, we
>>can't have any little secure protection, try that make that with
>>Oracle or Sybase or MS Server !!!!!! and say me, I work with this database
>>too ...
>>Peraps the separate security database is a good think, but it's difficult
>>to
>>explain to our client that any that can copy the fdb file can access to
>>all
>>information of their database, without crack or software modify, only a
>>copy
>>on a new server, the question of my client : and the encrypted password
>>that we have giving !!!! for nothing unfortunately, and all this only for
>>a
>>SYSDBA user definition that we can rename or revoke !
>>If I can rename SYSDBA user, I can put "grant" access on all my users and
>>99.99 % can't access my database, it's not perfect, but more better I
>>think
>>that none security like now !
>>
>>best regards
>>
>>balet charles-henri
>>
>>
> hummmm, I don't think so...
>
> I have just copied a MSSQL backup file yesterday and today I just
> restored it, and have full access too... I don't even know the sa
> password defined on that server, and the MSSQL security is integrated
> with NT users password.
>
> I have pumped some Oracle databases between my Notebook and my
> development server and it restored too.
>
> So, without security to the database or backup files, there is no
> security, the DB server could be FB, IB, MSSQL, Oracle, and I think
> Sybase and others too.
>
> see you !
>
> --
>
> Alexandre Benson Smith
> Development
> THOR Software e Comercial Ltda.
> Santo Andre - Sao Paulo - Brazil
> www.thorsoftware.com.br
>
>
>
>
>
> Yahoo! Groups Links
>
>
>
>
>
>
>