Subject | Re: [firebird-support] Guys! I got it! - Re: Avoiding hard-coding db pass in app - without using db users |
---|---|
Author | Daniel Albuschat |
Post date | 2008-11-11T08:13:52Z |
Hi Zd,
unfortunately this is not secure. You can easily sniff or otherwise
find out the password of the user that has access rights to get the
sysdba password. This can either be done with network-sniffing tools
like Wireshark (I actually don't know how strong Firebird's password
protection is over the wire) or by replacing the Firebird-server with
a custom version that outputs the password that was used to
authenticate.
Please read this document:
http://www.firebirdsql.org/pdfmanual/Firebird-Security.pdf
Regards,
Daniel Albuschat
--
eat(this); // delicious suicide