| Subject | an ounce of caution on installation (NT) and security patches |
|---|---|
| Author | rayholme |
| Post date | 2005-04-01T15:33:25Z |
Just for the record - when you install firebird 1.5.2 on a windoze box
(yuck) - there is a little problem - it installs fine, but does not
leave any obvious place where the computed password for sysdba is. It
is no longer masterke[y] and there is no obvious place to find the key
as there is on a Linux or Unix box (tis not in the book - boo hoo hoo).
Secondly, I carefully followed the instuctions in Helen's book to make
the security database more secure as proposed by Ivan (Both items -
page 707-709) - look great, but it does not work at all. After
bringing the 1.5.2 server down (saved the old one natch) and
overwriting the security.fdb with the changed version as advised -
firebird comes up fine - but gsec says "cannot attach to password
database" and the server will not come down. Of course, kill (-9)
still works and a quick restore of the original allowed all to go back
to normal.
BELOW is the exact sequence I used to fix the database - putting
together the two scripts recommended. Anybody see anything wrong?
------------------
create exception e_no_right 'You have no rights to modify this user';
create table users2 (
user_name user_name,
sys_user_name user_name,
group_name user_name,
uid uid,
gid gid,
passwd passwd,
privilege privilege,
comment comment,
first_name name_part,
middle_name name_part,
last_name name_part,
full_name computed by
(first_name || _unicode_fss ' ' || middle_name || _unicode_fss ' ' ||
last_name ));
commit;
insert into users2 (user_name, sys_user_name, group_name, uid, gid,
passwd, privilege, comment, first_name, middle_name, last_name)
select user_name, sys_user_name, group_name, uid, gid,
passwd, privilege, comment, first_name, middle_name, last_name from
users;
create unique index user_name_index2 on users2(user_name);
commit;
drop table users;
commit;
create view users as select * from users2
where user = '' or user = 'SYSDBA' or user = user_name;
grant select on users2 to public;
grant update(passwd, group_name, uid, gid, first_name, middle_name,
last_name)
on users to public;
set term ^;
create trigger update0_users for users before update position 0 as
begin
if (user!='SYSDBA' and user=old.user_name) then exception e_no_right;
end^
commit^
exit^
(yuck) - there is a little problem - it installs fine, but does not
leave any obvious place where the computed password for sysdba is. It
is no longer masterke[y] and there is no obvious place to find the key
as there is on a Linux or Unix box (tis not in the book - boo hoo hoo).
Secondly, I carefully followed the instuctions in Helen's book to make
the security database more secure as proposed by Ivan (Both items -
page 707-709) - look great, but it does not work at all. After
bringing the 1.5.2 server down (saved the old one natch) and
overwriting the security.fdb with the changed version as advised -
firebird comes up fine - but gsec says "cannot attach to password
database" and the server will not come down. Of course, kill (-9)
still works and a quick restore of the original allowed all to go back
to normal.
BELOW is the exact sequence I used to fix the database - putting
together the two scripts recommended. Anybody see anything wrong?
------------------
create exception e_no_right 'You have no rights to modify this user';
create table users2 (
user_name user_name,
sys_user_name user_name,
group_name user_name,
uid uid,
gid gid,
passwd passwd,
privilege privilege,
comment comment,
first_name name_part,
middle_name name_part,
last_name name_part,
full_name computed by
(first_name || _unicode_fss ' ' || middle_name || _unicode_fss ' ' ||
last_name ));
commit;
insert into users2 (user_name, sys_user_name, group_name, uid, gid,
passwd, privilege, comment, first_name, middle_name, last_name)
select user_name, sys_user_name, group_name, uid, gid,
passwd, privilege, comment, first_name, middle_name, last_name from
users;
create unique index user_name_index2 on users2(user_name);
commit;
drop table users;
commit;
create view users as select * from users2
where user = '' or user = 'SYSDBA' or user = user_name;
grant select on users2 to public;
grant update(passwd, group_name, uid, gid, first_name, middle_name,
last_name)
on users to public;
set term ^;
create trigger update0_users for users before update position 0 as
begin
if (user!='SYSDBA' and user=old.user_name) then exception e_no_right;
end^
commit^
exit^