Issue Details (XML | Word | Printable)

Key: CORE-4729
Type: Improvement Improvement
Status: Closed Closed
Resolution: Fixed
Priority: Minor Minor
Assignee: Alexander Peshkov
Reporter: Martijn Tonies
Votes: 0
Watchers: 1
Operations

If you were logged in you would be able to see more operations.
Firebird Core

Add a flag to mon$database helping to decide what type of security database is used - default, self or other

Created: 31/Mar/15 03:46 PM   Updated: 14/Jun/15 04:47 PM
Component/s: Engine
Affects Version/s: None
Fix Version/s: 3.0 Beta 2

QA Status: Done successfully


 Description  « Hide
Firebird 3 always provides a SEC$USERS table, either from the server wide
user database OR from the secondary user database.

But for user management, I would like to know if the users list comes
from the server-wide or from a secondary database, it would be more clear to the users
of Database Workbench to see the difference if there's NO "Users" node
for a database which users server side users, and there is a "Users" node
for databases that use a secondary user database.

 All   Comments   Change History   Subversion Commits      Sort Order: Ascending order - Click to sort in descending order
Mark Rotteveel added a comment - 31/Mar/15 06:12 PM - edited
From a security point of view, I don't think this info should be available to all users, so I am not sure if `MON$DATABASE` is the best place.

Alexander Peshkov added a comment - 01/Apr/15 10:30 AM
Mark, we do not show what particular database is used. In a case with DEFAULT security database there is no top secret with it, in a case of SELF it's possible to access appropriate view/table and find record about oneself. I.e. I do not see big security problems here.
And next - improvement was publically & actively discussed in devel a few months ago (see thread "Beta 1: how to use additionalsecuritydatabases?"). Why did you not rise security problems that time... As for me I've thought about security implications but have not found what particular attack does it simplify.