Subject Re: [firebird-support] Re: possible to CREATE a TRIGGER from a INSIDE?
Author Alexandre Benson Smith
mikcaau wrote:

>Execute Statement is a hole in Firebird that will be exploited soon if
>not already.
>To destroy a database hacker only needs a username and password.
>I would like an option to disable it.
>2c from Mick

I agree that EXECUTE STATEMENT could be a security breach if bad used.
I agree a developer could misuse it and shoot his foot
I agree that people tend to do what should never be done with it

But I don't understand how EXECUTE STATEMENT could be more dangerous to
the database than ISQL for a hacker with a valid username and password.

see you !

Alexandre Benson Smith
THOR Software e Comercial Ltda
Santo Andre - Sao Paulo - Brazil