| Subject | Re: Database Security, or lack thereof |
|---|---|
| Author | lance8086 |
| Post date | 2005-05-08T23:50:22Z |
--- In firebird-support@yahoogroups.com, Geoff Worboys <geoff@t...>
wrote:
designed as a developers internal database where it would be used by
an application and not directly by the users.
have/need/want direct access to the database anyway. But in the
grander scheme of things, it is and will be important.
wrote:
> There have been some very long standing and quite glaringProbably due to the nature of the beast. IB/FB seems to have been
> holes in Firebird security (mostly items outstanding from the
> days as Interbase).
designed as a developers internal database where it would be used by
an application and not directly by the users.
> The fact that these have continued to exist for so long ISince everything we do is web based, my clients typically don't
> think must reflect the nature of implementations used (insider
> attacks are not considered to be of critical importance for
> all installations).
have/need/want direct access to the database anyway. But in the
grander scheme of things, it is and will be important.
> I setup the application to "hash" the input passwords for allThat's an novel and effective way to go about it.
> non-administrative users.