You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I think that it's pointless to expect any security from the *embedded* and *open source* software, unless strong encryption is involved. And it's covered by other tickets in the tracker.
Submitted by: Zeki Gürsoy (zeki)
Votes: 2
Hello everybody.
In server version, when created database and added a role name 'SYSDBA' by other user, 'SYSDBA' can not never login this database.
This OK, very well.
But......
If i use Firebird Embed version, I can reading all data. In Embed version Like this:
I login to this database whoever a user, for example 'abc' and pass is null.
I can learning 'who is database owner?' like this
SELECT DISTINCT RDB$USER
FROM RDB$USER_PRIVILEGES
WHERE RDB$USER = RDB$GRANTOR
Then, I can reconnect to database with this database owner account... and all data on my screen.
I guess, this is security problem. What do you think?
The text was updated successfully, but these errors were encountered: