| Subject | Re: [firebird-support] Re: possible to CREATE a TRIGGER from a INSIDE? |
|---|---|
| Author | Alexandre Benson Smith |
| Post date | 2005-10-29T20:29:45Z |
mikcaau wrote:
I agree that EXECUTE STATEMENT could be a security breach if bad used.
I agree a developer could misuse it and shoot his foot
I agree that people tend to do what should never be done with it
But I don't understand how EXECUTE STATEMENT could be more dangerous to
the database than ISQL for a hacker with a valid username and password.
see you !
--
Alexandre Benson Smith
Development
THOR Software e Comercial Ltda
Santo Andre - Sao Paulo - Brazil
www.thorsoftware.com.br
>Execute Statement is a hole in Firebird that will be exploited soon ifMick,
>not already.
>To destroy a database hacker only needs a username and password.
>I would like an option to disable it.
>2c from Mick
>
>
I agree that EXECUTE STATEMENT could be a security breach if bad used.
I agree a developer could misuse it and shoot his foot
I agree that people tend to do what should never be done with it
But I don't understand how EXECUTE STATEMENT could be more dangerous to
the database than ISQL for a hacker with a valid username and password.
see you !
--
Alexandre Benson Smith
Development
THOR Software e Comercial Ltda
Santo Andre - Sao Paulo - Brazil
www.thorsoftware.com.br