Subject RE: [firebird-support] Re: Users and DB access with FB on web server
Author Alan McDonald
> I'd suggest the ISP *not* to do this. It opens a hole in security since
> Firebird's protocol goes unencrypted.
>
> Could you elaborate on the hole that is opened? For many years I
> have used direct connection over internet without (*touch wood*)
> a problem to date.
>
> That said I can see the benefit of Zebedee (or similar products)
> but I should imagine it will be an optional extra from ISPs rather
> than the norm. I'm not aware of many ISPs who use this type of
> method for remote access to FB, IB, MySQL or SQL Server.
>
> rgds
>
> Si Carter
> http://www.tectsoft.net/

In theory - all you need is to be sniffing the TCP traffic to see SYSDBA and
masterkey in clear text floating past.
Sniffers are usually set to catch words like USERNAME or UNAME etc as well
as PWORD PASSWORD etc. So as soon as these trigger, the sniffer can log
surrounding traffic stream to ensure they have both username, password and
IP address, port etc to which the traffic was directed.
I too have been using IB and FB for years but I very rarely connect to the
database directly. I think our current safety level has been a matter of
"who has been interested in Port 3050 traffic?". Hackers would rather 4328
or whatever SQL runs on... or the Oracle port maybe? After all - they still
have a lot of time and effort to expend once they have the uname and
password.
At least Zebedee would eliminate the clear text from the comms stream.
But times will change and when FB becomes more and more popular, we will
finally see someone who wishes nothing but ill to those who use it.
One more point... it is even safer to have the DB Server (and thus DB) which
a webserver connects to, behind a firewall where only the webserver can see
it.
Alan
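
The firewall arrangement suggested in the message above (only the web server can reach the database port) can be checked against a host's rules. This is an added example, not part of the original message: the `iptables-save` text is constructed, 192.0.2.10 is a placeholder for the web server, and `exposed_rules` is a hypothetical helper name.

```python
import ipaddress
import shlex

FIREBIRD_PORT = 3050  # the port named in the message

# Constructed iptables-save output; 192.0.2.10 stands in for the web server.
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 3050 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3050 -j ACCEPT
-A INPUT -s 198.51.100.0/24 -p tcp -m tcp --dport 3000:3100 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""

def _opt(args, *names):
    """Return the value following the first of `names` found in args."""
    for name in names:
        if name in args[:-1]:
            return args[args.index(name) + 1]
    return None

def _covers(spec, port):
    """True if a --dport value (N, LOW:HIGH, LOW: or :HIGH) includes port."""
    low, sep, high = spec.partition(":")
    lo = int(low) if low else 0
    hi = int(high) if high else (65535 if sep else lo)
    return lo <= port <= hi

def exposed_rules(ruleset, allowed_sources, port=FIREBIRD_PORT):
    """List INPUT ACCEPT rules opening `port` to sources outside allowed_sources."""
    # Only rules that name --dport are examined; negated matches ("!") are
    # reported for manual review rather than interpreted.
    allowed = [ipaddress.ip_network(a, strict=False) for a in allowed_sources]
    findings = []
    for line in ruleset.splitlines():
        args = shlex.split(line, comments=True)
        dport = _opt(args, "--dport")
        if (args[:2] != ["-A", "INPUT"] or _opt(args, "-j") != "ACCEPT"
                or not dport or not _covers(dport, port)):
            continue
        src = _opt(args, "-s", "--source") or "0.0.0.0/0"  # no -s means any source
        net = ipaddress.ip_network(src, strict=False)
        ok = any(net.version == a.version and net.subnet_of(a) for a in allowed)
        if "!" in args or not ok:
            findings.append(line.strip())
    return findings
```

Run against the sample with `["192.0.2.10"]` as the allowed source, it reports the rule with no source restriction and the port-range rule that also covers 3050.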