| Subject | RE: [firebird-support] How to Retrieve All Database Names from the Server? |
|---|---|
| Author | unordained |
| Post date | 2004-05-08T02:24:43Z |
"Kind of more secure" -- security by obscurity. If anything, it just means people intent on doing
so will attempt a costly brute-force search, which will likely cost a bit on the server end. It
doesn't prevent them from finding them, just makes it more difficult. It's like laws -- the good
guy doesn't need 'em, the bad guy doesn't care. The only thing that is actual security is the
username/password system preventing illicit access.
I recall several hosting places (like multimania / lycos) complaining they didn't want
firebird/interbase on their servers (with, instead of mysql) because anyone with a valid
username/password could look at the metadata (though not the data) of other users' databases. They
seemed to think that at least "trade secrets" (or somesuch) would become exposed (metadata is data,
thus valuable.)
---------- Original Message -----------
From: "Alan McDonald" <alan@...>
so will attempt a costly brute-force search, which will likely cost a bit on the server end. It
doesn't prevent them from finding them, just makes it more difficult. It's like laws -- the good
guy doesn't need 'em, the bad guy doesn't care. The only thing that is actual security is the
username/password system preventing illicit access.
I recall several hosting places (like multimania / lycos) complaining they didn't want
firebird/interbase on their servers (with, instead of mysql) because anyone with a valid
username/password could look at the metadata (though not the data) of other users' databases. They
seemed to think that at least "trade secrets" (or somesuch) would become exposed (metadata is data,
thus valuable.)
---------- Original Message -----------
From: "Alan McDonald" <alan@...>
> No - there's no way - it's kind of more secure if noone can tell where and------- End of Original Message -------
> how many dbs are available.