Users cannot get other users` full names (First Midlle Last), except theit own [CORE1085] #1506
Comments
|
Commented by: @AlexPeshkoff Ability for any non-privileged user to get information about all users (including gettin full logons list) was a security risk in FB1.X. Having list of all users makes it much simpler to attempt brute force attack to guess someone password (without that list one must know logins). This is the reason for letting only sysdba to get full users list. But restriction is implemented only at SQL level in security2.fdb. Therefore you may easily change VIEW USERS if you really want to open access to all users list. |
Modified by: @pcisarstatus: Resolved [ 5 ] => Closed [ 6 ] |
Modified by: @pcisarWorkflow: jira [ 11492 ] => Firebird [ 15487 ] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Submitted by: Rosen Ivanov (rosen_pi)
We have a system based on Firebird 1.5.x. After migration on 2.0, users of the application could not see other user's full names except their own.
When I try to get user info for all users the result is only for currently logged user.
Can I do this in other way, or it will be done i next versions.
Best regards!
Firebird team is the best!!!
The text was updated successfully, but these errors were encountered: