Subject RE: [firebird-support] Re: Users and DB access with FB on web server
Author Simon Carter
> -----Original Message-----
> In theory - all you need is to be sniffing the TCP traffic to
> see SYSDBA and masterkey in clear text floating past.
> *snipped*
> popular, we will finally see someone who wishes nothing but
> ill to those who use it.

Granted about TCP sniffers; however, a lot of problems can be taken care of
by ensuring that the server is as tight as can be on permissions, using
aliases, running the FB service under a non-admin user, checking firewall
logs for active/past connections, changing the SYSDBA password on a regular
basis and much more.


> One more point... it is even safer to have the DB Server (and
> thus DB) which a webserver connects to, behind a firewall
> where only the webserver can see it.
> Alan

Without a doubt; however, many clients like to have a direct connection to
the db when needed. Granted, it isn't the fastest / most secure, but it's
important.

In Sep last year I raised this thread
(http://groups.yahoo.com/group/Firebird-Architect/message/5535) on the
fb-architect list, which lists (imo) some improvements that would help FB
when connected to the www.

Another feature I would add to the list is the ability for FB to add
security audits to the Event Log (NT + descendants); these could show
failed/successful connections, including the username.


Rgds

Si Carter
http://www.tectsoft.net/
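
An added example, not part of the original message or of Firebird itself: one way to do the firewall-log check mentioned above, flagging connections to the database port from any host other than the web server. It assumes Firebird's default port 3050, a Windows Firewall style log with a `#Fields:` header (only a subset of fields is shown), and constructed addresses and log lines.

```python
from collections import Counter

FIREBIRD_PORT = "3050"            # Firebird's default port; change if yours differs
ALLOWED_SOURCES = {"192.0.2.10"}  # assumed web server address (constructed)

# Constructed sample, laid out like a Windows Firewall log (subset of fields).
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size
2005-03-14 10:15:02 ALLOW TCP 192.0.2.10 192.0.2.20 49152 3050 48
2005-03-14 10:15:40 ALLOW TCP 198.51.100.7 192.0.2.20 51200 3050 48
2005-03-14 10:15:41 DROP TCP 203.0.113.9 192.0.2.20 51311 3050 48
2005-03-14 10:15:43 DROP TCP 203.0.113.9 192.0.2.20 51312 3050 48
2005-03-14 10:16:00 ALLOW TCP 198.51.100.7 192.0.2.20 51201 80 48
"""

def parse(log_text):
    """Yield one dict per record, taking column names from the #Fields header."""
    fields = []
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) >= len(fields):  # skip truncated records
                yield dict(zip(fields, values))

def unexpected_firebird_connections(log_text, allowed=ALLOWED_SOURCES):
    """Count (source, action) pairs that hit the Firebird port from other hosts."""
    hits = Counter()
    for rec in parse(log_text):
        if rec.get("protocol") != "TCP" or rec.get("dst-port") != FIREBIRD_PORT:
            continue
        src = rec.get("src-ip")
        if src not in allowed:
            hits[(src, rec.get("action"))] += 1
    return hits

if __name__ == "__main__":
    found = unexpected_firebird_connections(SAMPLE_LOG)
    for (src, action), count in sorted(found.items()):
        note = "reached the server" if action == "ALLOW" else "blocked"
        print(f"{src}: {count} connection(s) {action} ({note})")
```

An ALLOW entry from an unexpected source means the firewall rule itself needs tightening; repeated DROP entries show who is probing the port.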