| Subject | AW: [firebird-support] Re: Firebird - no security??? Seems unbelievable.... |
|---|---|
| Author | Steffen Heil |
| Post date | 2009-11-05T21:19:38Z |
One more remark: If I remember correctly, earlier versions of the embedded
engine bypassed authentication altogether. I don't know for current versions
though...
If this is still the case, you don't have to copy the file to any other
server, but just start you analyses software (as long as the daemon is not
accessing that file).
-----Ursprüngliche Nachricht-----
Von: firebird-support@yahoogroups.com
[mailto:firebird-support@yahoogroups.com] Im Auftrag von neighbour.kerry
Gesendet: Donnerstag, 5. November 2009 22:14
An: firebird-support@yahoogroups.com
Betreff: [firebird-support] Re: Firebird - no security??? Seems
unbelievable....
--- In firebird-support@yahoogroups.com, Kjell Rilbe <kjell.rilbe@...>
wrote:
Well, we are selling a POS product into a very competitive market. Our main
competitor also uses Firebird, with basically the same table structure, etc.
We do not want our competitors to 'play around with' our databases. If they
wanted us to look bad, all they would have to do is delete some of our
tables, or just alter a bit of data. We do not want that to happen.
We can currently access the databases of any of THEIR customer base - they
simply use the standard SYSBDA/masterkey combination. We do not want them to
be able to do the same to us!
As it turns out, leaving the username/password at the default seems the best
thing to do. Changing it does not seem to have any meaning.
Of course, our competitor is probably not that Firebird literate. They might
not know of these security issues, and once they cannot get on with the
default password, they might simply assume (as I did), that the database has
been secured, and give up.
------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Visit http://www.firebirdsql.org and click the Resources item
on the main (top) menu. Try Knowledgebase and FAQ links !
Also search the knowledgebases at http://www.ibphoenix.com
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Yahoo! Groups Links
[Non-text portions of this message have been removed]
engine bypassed authentication altogether. I don't know for current versions
though...
If this is still the case, you don't have to copy the file to any other
server, but just start you analyses software (as long as the daemon is not
accessing that file).
-----Ursprüngliche Nachricht-----
Von: firebird-support@yahoogroups.com
[mailto:firebird-support@yahoogroups.com] Im Auftrag von neighbour.kerry
Gesendet: Donnerstag, 5. November 2009 22:14
An: firebird-support@yahoogroups.com
Betreff: [firebird-support] Re: Firebird - no security??? Seems
unbelievable....
--- In firebird-support@yahoogroups.com, Kjell Rilbe <kjell.rilbe@...>
wrote:
>actually trying to protect? The schema? Some data in the database? What?
> But then again, how could ANY security model help you? And what are you
Well, we are selling a POS product into a very competitive market. Our main
competitor also uses Firebird, with basically the same table structure, etc.
We do not want our competitors to 'play around with' our databases. If they
wanted us to look bad, all they would have to do is delete some of our
tables, or just alter a bit of data. We do not want that to happen.
We can currently access the databases of any of THEIR customer base - they
simply use the standard SYSBDA/masterkey combination. We do not want them to
be able to do the same to us!
As it turns out, leaving the username/password at the default seems the best
thing to do. Changing it does not seem to have any meaning.
Of course, our competitor is probably not that Firebird literate. They might
not know of these security issues, and once they cannot get on with the
default password, they might simply assume (as I did), that the database has
been secured, and give up.
------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Visit http://www.firebirdsql.org and click the Resources item
on the main (top) menu. Try Knowledgebase and FAQ links !
Also search the knowledgebases at http://www.ibphoenix.com
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Yahoo! Groups Links
[Non-text portions of this message have been removed]