Subject | Re: [firebird-support] Guys! I got it! - Re: Avoiding hard-coding db pass in app - without using db users |
---|---|
Author | Zd |
Post date | 2008-11-10T18:42:45Z |
This is the point.
The hacker can connect with SECUSER, but he has to know the valid username
/ password of a real user in the app.
And if he can get that information, there is no algorithm that will protect
you...
See?
----- Original Message -----
From: "Anderson Farias" <peixedragao@...>
To: <firebird-support@yahoogroups.com>
Sent: Monday, November 10, 2008 7:28 PM
Subject: Re: [firebird-support] Guys! I got it! - Re: Avoiding hard-coding
db pass in app - without using db users
> Hi,
>
>> And the password sent over the network should be well protected by an SSL
>> tunnel...
>
> Yes, but... what if the 'hacker' connects with this SECURE user, queries
> the password_proc and gets sysdba pass?
>
>
> Regards,
> Anderson Farias