| Subject | Re: [firebird-support] Security bug in Firebird !! |
|---|---|
| Author | Helen Borrie |
| Post date | 2008-12-29T23:32:46Z |
At 09:47 AM 30/12/2008, you wrote:
It is not a bug. It is a known shortcoming. So be intelligent about choosing passwords.
./heLen
>That is correct. Firebird's password encryption encrypts only the first 8 characters of any password. So, for example, if the password is 'masterkey' then you will find that 'masterkettle' will work.
>I created a Firebird database. The administrator uses a password
>fairly long (more than 9 characters)
>
>I found that only the first 8 characters of the password are taken
>into account, others are ignored.
It is not a bug. It is a known shortcoming. So be intelligent about choosing passwords.
./heLen