Subject Re: [firebird-support] RE: Security issues?
Author Mark Rotteveel
On 19 Dec 2013 01:01:11 -0800, <hvlad@...> wrote:
> ---In firebird-support@{{emailDomain}}, <mark@...> wrote:
>
> On 18 Dec 2013 13:14:07 -0800, <hvlad@...> wrote:
> >>> Besides the documented limitation that passwords are 8 characters
> >>> (Firebird 3 will lift that limitation), the connection protocol is not
> >>> encrypted meaning that people can sniff the traffic and determine the
> >>> password.
> >>
> >> Password is never passed over the wire in open form. It is encrypted by
> >> client...
>
> > Yes, but that is still susceptible to a replay attack, so the fact that
> > it is encrypted doesn't actually matter for someone with the will and
> > means,
>
> You said above that *password* could be determined by sniffer. This is
> not true and I said it.
> I said nothing more.

True, but as always, I am usually thinking from the perspective of the
Jaybird implementation :)

Mark