| Subject | Re: [firebird-support] Security issues? |
|---|---|
| Author | Mark Rotteveel |
| Post date | 2013-12-18T17:56:58Z |
On 18-12-2013 17:43, lcampbell wrote:
(Firebird 3 will lift that limitation), the connection protocol is not
encrypted meaning that people can sniff the traffic and determine the
password.
Mark
--
Mark Rotteveel
> We have a product, written in Delphi2010, which uses an IBObjectsBesides the documented limitation that passwords are 8 characters
> TIBODatabase object to connect to a Firebird2.5 database. The
> TIBODatabase object has properties for username & password, required to
> connect. The passwords we're using (SysDBA & two user types) are random
> alpha & non-alpha characters, 32-chars long.
>
> We have reason to suspect (though no proof at this time) that the
> security of our DB mayhave been compromised. In way of prevention, we're
> putting the question out ... have there been known security issues in
> the Delphi/IBO/Firebird chain? Is there an upper limit on FB password
> length? Are there ways to further improve our security? Any insight
> would be helpful...
(Firebird 3 will lift that limitation), the connection protocol is not
encrypted meaning that people can sniff the traffic and determine the
password.
Mark
--
Mark Rotteveel