|
|||||||||
|
|||||||||
| |||||||||
|
|||||||||
|
|||||||||
| |||||||||
|
|
|
| |||||||||
 |
|
|
«
Previous Thread
|
Next Thread
»
|
Thread Tools | Search this Thread | Rate Thread | Display Modes |
Dev Shed Forums Sponsor:
|
|
|
|
#1
April 28th, 2005, 08:26 AM
|
|||
|
|||
Security : how to control who can create database
Hi forum,
I realized that as soon as a user is created (with gsec) on a firebird server, it has the ability to create a database. For me, this is a security hole. Anyone owning a valid login password can full the underlying filesystem on which reside the database files, by creating a database and feeding it with tons of records, leading to a server denial of service. Any idea to counter this ? Nothing found with the GRANT command.
|
|
#2
April 29th, 2005, 04:09 AM
|
|||
|
|||
|
Hi,
Not exactly a security hole, but annoying none theless. You can control where databases can be created via a setting in the configuration file (see firebird.conf) in Firebird 1.5... As for the rest, the security system is being reviewed and new ideas on how to do things have been taken into account. Expect a revision in a future version of Firebird. With regards, Martijn Tonies Database Workbench - developer tool for InterBase, Firebird, MySQL & MS SQL Server Upscene Productions http://www.upscene.com
__________________
Martijn Tonies Database Workbench: developer IDE for Firebird, MySQL, InterBase, MSSQL Server and Oracle Upscene Productions http://www.upscene.com
|
|
| Viewing: Dev Shed Forums > Databases > Firebird SQL Development > Security : how to control who can create database |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
 |
|
|
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
Linear Mode
