Subject Re: [firebird-support] Question on allowing and denying access to FB via internet
Author Alexandre Benson Smith
Hi Jeff,

Jeff Dunlap wrote:
> Dear Firebird Users:
> I have a few questions on using FB (latest version) in regards to allowing and denying access via the internet.
> 1) If my IP address is visible and port 3050 is open, do I have to be concerned about the FB password length limitation of 8 characters and brute force attempts or is there some kind of protection that FB performs to suppress these attacks? Is having the server open to the internet like this a bad idea?

FB 2.0 has some protection agsint brute force attack.

But the better would be to use a tunnel, port 3050 keeps closed and the
tunnel software encrypt/compact the net traffic.

Take a look on a paper written by Artur Anjos on this regard, google for:
firebird zebedee

ssh, stunnel would work too, zebedee is really simple to deploy

The FB password can be easily snifed on the internet, it's sent
encrypted, but is easy to use a replay attack, since there is no salt to
change the encrypted password on each session. Better use a tunnelling
software !

> 2) If port 3050 is closed using Windows Firewall, will Internet access to FB be denied if the server is otherwise open to the internet (i.e. port 21,25,80...).

Yes, if port 3050 is closed, the fb client wouldn't cpnnet to that server

> Thank you very much

see you !

Alexandre Benson Smith
THOR Software e Comercial Ltda
Santo Andre - Sao Paulo - Brazil