You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In 2.1 release branch services ignore setting of Authentication parameter in firebird.conf. Therefore any operations, not requiring further DB login (like view firebird.log file, information about FB server, etc.), can be always performed by any valid domain user.
Notice: bug was already fixed in HEAD during generic security cleanup - currently configuration setting Authentication is checked much earlier, in remote listener. And it's not enough to be any user, only admins have rights to perform most of mentioned activities. Therefore mentioned bug is only 2.1 specific.
Submitted by: @AlexPeshkoff
Bug was initially reported by Ivan Prenosil.
In 2.1 release branch services ignore setting of Authentication parameter in firebird.conf. Therefore any operations, not requiring further DB login (like view firebird.log file, information about FB server, etc.), can be always performed by any valid domain user.
Notice: bug was already fixed in HEAD during generic security cleanup - currently configuration setting Authentication is checked much earlier, in remote listener. And it's not enough to be any user, only admins have rights to perform most of mentioned activities. Therefore mentioned bug is only 2.1 specific.
Commits: 02f66dc 665ea6f
The text was updated successfully, but these errors were encountered: