| Subject | Roles and security issue |
|---|---|
| Author | Alan McDonald |
| Post date | 2006-12-28T01:49:08Z |
Over many years of using a firebird database, users are created, roles are
granted. If you have moved your database several times over this longish
period without first purging roles, you end up with a database with perhaps
many grants of users to roles which are no longer in use. If a new user is
created and coincidentally matches a previous user with an existing grant,
this new user will immediately have these grants.
There appears no tool available to easily reveal or manage these orphaned
grants. I would hazard to guess that many people are unaware that there are
these grants "ready to go" in this moved database. Does anyone consider this
as a security issue, minor as you may regard it?
regards
Alan McDonald
granted. If you have moved your database several times over this longish
period without first purging roles, you end up with a database with perhaps
many grants of users to roles which are no longer in use. If a new user is
created and coincidentally matches a previous user with an existing grant,
this new user will immediately have these grants.
There appears no tool available to easily reveal or manage these orphaned
grants. I would hazard to guess that many people are unaware that there are
these grants "ready to go" in this moved database. Does anyone consider this
as a security issue, minor as you may regard it?
regards
Alan McDonald