Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Security issues when window trusted authentication is enabled [CORE3072] #3451

Closed
firebird-automations opened this issue Jul 18, 2010 · 2 comments

Comments

@firebird-automations
Copy link
Collaborator

Submitted by: @luronumen

When "Authentication" is set to "trusted" or "mixed" in "firebird.conf" file the following security issues can be visualized:

1- The Database administrator does not have control of who can connect with the database.
2- All Windows users can connect with the database and create new objects (Domains, Exceptions, Functions, Generators, Procedures, Roles, Tables, Triggers, Views, etc);

EXPECTED RESULTS:
1- The Database administrator should have control of who can connect with the database specifying which Windows Domain and User from this domain can connect.
2- Only Windows users connected using RDB$ADMIN role database should not have permission to create database objects.

@firebird-automations
Copy link
Collaborator Author

Modified by: @AlexPeshkoff

status: Open [ 1 ] => Resolved [ 5 ]

resolution: Fixed [ 1 ]

Fix Version: 3.0.5 [ 10885 ]

@firebird-automations
Copy link
Collaborator Author

Commented by: @AlexPeshkoff

No separate commit to fix - current FB satisfies all enumerated requirements, and is even more flexible

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

1 participant