Subject Re: [firebird-support] Create SYSDBA power under a different name and then delete SYSDBA
Author Namit Nathwani
Hi Geoff

At 12:39 pm 16/12/2004, you wrote:
> > Well SYSDBA is the first login a guy will try with masterkey
> > as the password, I just want to foul the first login.

I was uninformed/naive when I posted originally. But after going through
this thread, it seems I have touched off a nerve somewhere and it seems the
nerve is the same throughout the RDBMS spectrum, according to what has been
posted here.

>The logic is; If a stranger to your system does not know any
>of the administrative user names then a brute force attack is
>stuck with guessing both the user name and the password, adding
>a level of difficulty.

My thought exactly.

>As for network access security - well changing the SYSDBA
>user name may help, but the better option is to improve the
>authentication system.

Though maybe a weak idea, I liked the idea of PKZip containing the password
itself (though there are brute force utils available to crack it). Contain
the stuff in the database itself so the whole lot goes where the .fdb
goes. If so then at least a recompile of Firebird, no forget it I guess not
recompile can bypass even this.



Regards
Bhavbhuti
___________________________________________
Softwares for Indian Businesses at:
http://ahmedabad.sancharnet.in/vso_ad1/
namitbn@...
___________________________________________
