Database Security [CORE3484] #3843

Open
firebird-automations opened this issue May 18, 2011 · 2 comments

Comments

@firebird-automations
Collaborator

Submitted by: Zeki Gürsoy (zeki)

Votes: 2

Hello everybody.

In the server version, when another user creates a database and adds a role named 'SYSDBA', 'SYSDBA' can never log in to this database.
This is OK, very well.

But......

If I use the Firebird Embedded version, I can read all the data. In the Embedded version, like this:

I log in to this database as any user, for example 'abc' with a null password.
I can learn 'who is the database owner?' like this:

SELECT DISTINCT RDB$USER
FROM RDB$USER_PRIVILEGES
WHERE RDB$USER = RDB$GRANTOR

Then, I can reconnect to the database with this database owner account... and all the data is on my screen.

I guess this is a security problem. What do you think?

@firebird-automations
Collaborator Author

Commented by: @dyemanov

I think that it's pointless to expect any security from the *embedded* and *open source* software, unless strong encryption is involved. And it's covered by other tickets in the tracker.

@firebird-automations
Collaborator Author

Modified by: @dyemanov

priority: Critical [ 2 ] => Major [ 3 ]

security: Developers [ 10012 ] =>
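
In embedded mode the engine opens the database file directly and, as the report describes, accepts any user name without a password, so file-system permissions decide who can read the data. The audit below is an added example, not part of the original thread or of Firebird's code; it assumes a POSIX host and the conventional `.fdb`/`.gdb` extensions, and `audit_db_files` and `demo` are hypothetical names.

```python
import os
import stat
import tempfile

# Assumption: database files use the conventional .fdb / .gdb extensions.
DB_EXTENSIONS = (".fdb", ".gdb")

def audit_db_files(root, server_uid):
    """Return (path, problems) for each database file under root that an
    account other than server_uid could open directly."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(DB_EXTENSIONS):
                continue
            path = os.path.join(dirpath, name)
            st = os.stat(path)
            problems = []
            if st.st_uid != server_uid:
                problems.append("owned by uid %d, not the server account" % st.st_uid)
            if st.st_mode & (stat.S_IRGRP | stat.S_IWGRP):
                problems.append("group can read or write")
            if st.st_mode & (stat.S_IROTH | stat.S_IWOTH):
                problems.append("any local account can read or write")
            if problems:
                findings.append((path, problems))
    return sorted(findings)

def demo():
    """Constructed sample: empty files standing in for real databases."""
    samples = (("locked.fdb", 0o600), ("exposed.fdb", 0o644), ("notes.txt", 0o644))
    with tempfile.TemporaryDirectory() as root:
        for name, mode in samples:
            path = os.path.join(root, name)
            open(path, "wb").close()
            os.chmod(path, mode)  # set exact bits regardless of umask
        found = audit_db_files(root, os.getuid())
        return [(os.path.basename(p), probs) for p, probs in found]

if __name__ == "__main__":
    for name, problems in demo():
        print(name, "->", "; ".join(problems))
```

The script checks only each file's own owner and mode bits; a flagged file may still be shielded by a restrictive parent directory, and ACLs are not inspected.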
