| Subject | Re: how to determine User role |
|---|---|
| Author | tony_bat |
| Post date | 2008-03-25T11:55:53Z |
Ok helen
If I create a connectstring and it has user,pw, and role in it - it can
be sniff and hacked. The only differnce here is I did a connect string
that just had user and pw. made my connection receive info made new
connect string and reconnected with role assigned. Now if firebird
changes this option I will make necessary changes to code. So what
difference does it make if they hack it first or last it is still
hacked.
--- In firebird-support@yahoogroups.com, Helen Borrie <helebor@...>
wrote:
agenda to make it not possible. I didn't suggest it because I don't
recommend it even slightly. Use privileges as they are intended: hacks
are always risky and this one is A-rated.
If I create a connectstring and it has user,pw, and role in it - it can
be sniff and hacked. The only differnce here is I did a connect string
that just had user and pw. made my connection receive info made new
connect string and reconnected with role assigned. Now if firebird
changes this option I will make necessary changes to code. So what
difference does it make if they hack it first or last it is still
hacked.
--- In firebird-support@yahoogroups.com, Helen Borrie <helebor@...>
wrote:
>> Don't count on being able to do this permanently. It's not a goodsituation that any user can access the system tables and it is on the
agenda to make it not possible. I didn't suggest it because I don't
recommend it even slightly. Use privileges as they are intended: hacks
are always risky and this one is A-rated.
>
> ./heLen
>