On 18 Dec 2013 13:14:07 -0800, <hvlad@...> wrote:
>>> Besides the documented limitation that passwords are 8 characters
>>> (Firebird 3 will lift that limitation), the connection protocol is not
>>> encrypted meaning that people can sniff the traffic and determine the
>>> password.
>>
>> Password is never passed over the wire in open form. It is encrypted by
>> client...
> Yes, but that is still susceptible to a replay attack, so the fact that it
> is encrypted doesn't actually matter for someone with the will and means,
You said above that *password* could be determined by sniffer. This is not true and I said it.
I said nothing more.
> and of course several alternative wire protocol implementations (eg
> Jaybird) don't actually encrypt the password.
So, people should not use such "alternative wire protocol implementations" if
they do not want to send clear passwords over the wire.
Regards,
Vlad