[#CORE-1845] Some standard calls show server installation directory to regular users

Firebird Core

Some standard calls show server installation directory to regular users

Created: 17/Apr/08 09:40 AM Updated: 19/Jan/16 06:05 AM

Component/s:

None

Affects Version/s:

1.0.3, 2.0.0, 1.5.4, 2.0.1, 2.1 Alpha 1, 2.1 Beta 1, 2.0.2, 2.0.3, 2.1 Beta 2, 1.5.5, 2.1 RC1, 2.5 Initial, 2.1 RC2, 2.1.0, 2.0.4

Fix Version/s:

2.5 Alpha 1, 2.1.1

Environment:

Any

Issue Links:

Relate

This issue is related to:

~~QA-216~~ Test for CORE-1845

Target:	2.1.1 and 2.5 Alpha 1
QA Status:	Done successfully

Description

« Hide

In order to avoid extra security risks, given in restricted comment.

All

Comments

Change History

Subversion Commits

Sort Order:

[ Permalink | « Hide ]

Volker Rehn added a comment - 28/Jul/08 12:43 PM

Some apps require a list of aliases. With customer-side installations, the sysdba pw is often unknown to deployers. A workaround could be to allow the DBO access to server info like isc_info_svc_get_env, because 2.5 with its rdb$admin isn't available yet for production.

[ Permalink | « Hide ]

Alexander Peshkov added a comment - 04/Aug/08 03:08 AM

Sorry, it's impossible. Service manager works in server, not database context, therefore DBO is meaningless for it.

[ Permalink | « Hide ]

Pavel Cisar added a comment - 25/Apr/13 04:18 PM

Test added.