| Subject | Re: [firebird-support] RE: Security issues? |
|---|---|
| Author | Mark Rotteveel |
| Post date | 2013-12-19T08:42:15Z |
On 18 Dec 2013 13:14:07 -0800, <hvlad@...> wrote:
is encrypted doesn't actually matter for someone with the will and means,
and of course several alternative wire protocol implementations (eg
Jaybird) don't actually encrypt the password.
Mark
> ---In firebird-support@yahoogroups.com, <mark@...> wrote:not
>
>> Besides the documented limitation that passwords are 8 characters
> > (Firebird 3 will lift that limitation), the connection protocol is
>> encrypted meaning that people can sniff the traffic and determine theby
>> password.
>
> Password is never passed over the wire in open form. It is encrypted
> client...Yes, but that is still susceptible to a replay attack, so the fact that it
is encrypted doesn't actually matter for someone with the will and means,
and of course several alternative wire protocol implementations (eg
Jaybird) don't actually encrypt the password.
Mark