Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add a flag to mon$database helping to decide what type of security database is used - default, self or other [CORE4729] #5035

Closed
firebird-automations opened this issue Mar 31, 2015 · 7 comments

Comments

@firebird-automations
Copy link
Collaborator

Submitted by: Martijn Tonies (martijntonies)

Firebird 3 always provides a SEC$USERS table, either from the server wide
user database OR from the secondary user database.

But for user management, I would like to know if the users list comes
from the server-wide or from a secondary database, it would be more clear to the users
of Database Workbench to see the difference if there's NO "Users" node
for a database which users server side users, and there is a "Users" node
for databases that use a secondary user database.

Commits: 5c9eb6d FirebirdSQL/fbt-repository@5641ea1

@firebird-automations
Copy link
Collaborator Author

Modified by: @AlexPeshkoff

assignee: Alexander Peshkov [ alexpeshkoff ]

@firebird-automations
Copy link
Collaborator Author

Modified by: @AlexPeshkoff

reporter: Alexander Peshkov [ alexpeshkoff ] => Martijn Tonies [ martijntonies ]

Fix Version: 3.0 Beta 2 [ 10586 ]

@firebird-automations
Copy link
Collaborator Author

Modified by: @AlexPeshkoff

status: Open [ 1 ] => Resolved [ 5 ]

resolution: Fixed [ 1 ]

@firebird-automations
Copy link
Collaborator Author

Commented by: @mrotteveel

From a security point of view, I don't think this info should be available to all users, so I am not sure if `MON$DATABASE` is the best place.

@firebird-automations
Copy link
Collaborator Author

Commented by: @AlexPeshkoff

Mark, we do not show what particular database is used. In a case with DEFAULT security database there is no top secret with it, in a case of SELF it's possible to access appropriate view/table and find record about oneself. I.e. I do not see big security problems here.
And next - improvement was publically & actively discussed in devel a few months ago (see thread "Beta 1: how to use additionalsecuritydatabases?"). Why did you not rise security problems that time... As for me I've thought about security implications but have not found what particular attack does it simplify.

@firebird-automations
Copy link
Collaborator Author

Modified by: @pavel-zotov

status: Resolved [ 5 ] => Resolved [ 5 ]

QA Status: Done successfully

@firebird-automations
Copy link
Collaborator Author

Modified by: @pavel-zotov

status: Resolved [ 5 ] => Closed [ 6 ]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants