Subject: Re: aliases.conf API?
> ExternalFileAccess = Restrict C:\ProgramFiles\Firebird\Firebird_2_0
This is a very, very BAD idea from a security POV.
Take a look at firebird.conf, before doing it, and you will see
a recommendation to never let sub-trees, enabled for external files and
UDFs, overlap. When they do (like in this sample, provided UdfAccess
was not modified), one can create external table C:\Program
Files\Firebird\Firebird_2_0\UDF\hack.dll, write arbitrary commands
in it and afterwards execute with system privileges, loading as UDF
in firebird. This very old security vulnerability was fixed in fb1.5
by adding separate access control to UDFs, external files and
databases, but it will not work if you tune your firebird.conf in
Moreover, one can overwrite everything in the firebird install
directory, including firebird.conf and even some binaries. Do not
use such tricks, please, to access that aliases list.
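
An added example, not part of the original message and not Firebird's own code: a small audit that reads a firebird.conf and reports where the sub-trees allowed by ExternalFileAccess and UdfAccess overlap, which is the condition the reply warns about. The function names, the sample paths and the stock defaults (ExternalFileAccess = None, UdfAccess = Restrict UDF, relative paths resolved against the install root) are assumptions of this sketch.

```python
from pathlib import PureWindowsPath

# Assumed stock defaults (not stated in the message): ExternalFileAccess = None,
# UdfAccess = Restrict UDF, with relative paths resolved against the install root.
DEFAULTS = {"ExternalFileAccess": "None", "UdfAccess": "Restrict UDF"}

def parse_access(conf_text, key):
    """Return (mode, [paths]) for key; this sketch uses the last uncommented setting."""
    value = DEFAULTS[key]
    for line in conf_text.splitlines():
        name, sep, rest = line.split("#", 1)[0].partition("=")
        if sep and name.strip().lower() == key.lower():
            value = rest.strip()
    mode, _, paths = value.partition(" ")
    return mode.capitalize(), [p.strip() for p in paths.split(";") if p.strip()]

def subtrees(conf_text, key, root):
    """Map each allowed subtree to lower-cased path parts; Full becomes the empty prefix."""
    mode, paths = parse_access(conf_text, key)
    if mode == "Full":
        return [("<any path>", ())]
    if mode != "Restrict":
        return []
    out = []
    for p in paths:
        full = PureWindowsPath(p)
        if not full.is_absolute():
            full = PureWindowsPath(root) / full
        out.append((p, tuple(part.lower() for part in full.parts)))
    return out

def find_overlaps(conf_text, root):
    """Pairs (external-file subtree, UDF subtree) where one contains the other."""
    hits = []
    for ext, ep in subtrees(conf_text, "ExternalFileAccess", root):
        for udf, up in subtrees(conf_text, "UdfAccess", root):
            n = min(len(ep), len(up))
            if ep[:n] == up[:n]:
                hits.append((ext, udf))
    return hits

# Constructed sample input: the setting quoted above, with UdfAccess left unset.
ROOT = r"C:\Program Files\Firebird\Firebird_2_0"
RISKY = "ExternalFileAccess = Restrict " + ROOT + "\n"
SEPARATE = "ExternalFileAccess = Restrict D:\\fb_external\nUdfAccess = Restrict UDF\n"

if __name__ == "__main__":
    for label, conf in (("risky", RISKY), ("separate", SEPARATE)):
        print(label, find_overlaps(conf, ROOT) or "no overlap")
```

An empty result means no external-file sub-tree contains, or is contained in, a UDF sub-tree; any reported pair should be separated before the configuration is deployed.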