| Subject | Re: [firebird-support] Firebird security acessing database on other server as SYSDBA |
|---|---|
| Author | Alexandre Benson Smith |
| Post date | 2012-03-05T19:52:32Z |
Em 5/3/2012 16:19, Marcelo TrĂ³pia escreveu:
I understand you concern, but there is no security if you cannot
garantee it at file system level.
Even if FB 3.0 stores the user information inside database, it will be
easy to complie a new version of FB that bypass the user authentication.
It's easy to circunvent it in FB since it is open source, and anyone
could analyze the code and recompile it.
see you !
> Hi Iwan, thank you.What DB2 implements is Security by obscutiry....
>
> Regarding DB2 security (mainframe DB2 no z/OS), yes, there is this kind of
> security. If someone copy the VSAM dataset (DB2 tablespace access method)
> and try to register this tablespace on other DB2 instance, DB2 will not
> accept it because dbid and obid identifiers are stored inside the dataset
> and you need to know these identifiers to inform to DB2. Someone with a deep
> knowing of DB2 (a hacker) could discover these identifiers, but it is not
> easy.
>
> Best regards,
> Marcelo
>
I understand you concern, but there is no security if you cannot
garantee it at file system level.
Even if FB 3.0 stores the user information inside database, it will be
easy to complie a new version of FB that bypass the user authentication.
It's easy to circunvent it in FB since it is open source, and anyone
could analyze the code and recompile it.
see you !