Subject | RE: [firebird-support] Re: Users and DB access with FB on web server |
---|---|
Author | Simon Carter |
Post date | 2005-01-20T20:45:12Z |
> -----Original Message-----
> In theory - all you need is to be sniffing the TCP traffic to
> see SYSDBA and masterkey in clear text floating past.
> *snipped*
> popular, we will finally see someone who wishes nothing but
> ill to those who use it.

Granted about TCP sniffers, however a lot of problems can be taken care of
by ensuring that the server is as tight as can be permissions, use aliases,
run FB Service under a non Admin user, checking firewall logs for
active/past connections, changing sysdba password on a regular basis and
much more.

> One more point... it is even safer to have the DB Server (and
> thus DB) which a webserver connects to, behind a firewall
> where only the webserver can see it.
> Alan

Without a doubt however many clients like to have direct connection to db
when needed, granted it isn't the fastest / most secure but it's important.

In Sep last year I raised this thread
(http://groups.yahoo.com/group/Firebird-Architect/message/5535) in
fb-architect list which lists (imo) some improvements that would help FB
when connected to the www.

Another feature I would add to the list is the ability for FB to add
security audits to Event Log (NT + descendants) these could show
failed/successful connections including username.

Rgds
Si Carter
http://www.tectsoft.net/