You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The SRP plugin metadata (PLG$SRP table, PLG$SRP_VIEW view and all its permissions) are wrongly added to the metadata extracted from the database [CORE6410]
#6648
ACTUAL RESULT
- The SRP plugin metadata (PLG$SRP table, PLG$SRP_VIEW view and all its permissions) are wrongly added to the metadata extracted from the database.
EXPECTED RESULT
- The SRP plugin metadata (PLG$SRP table, PLG$SRP_VIEW view and all its permissions) should NOT be added to the metadata extracted from the database.
- The SRP is a native plugin for Firebird 3.0 and its metadata (PLG$SRP table, PLG$SRP_VIEW view and all its permissions) should work like MON$, RDB$ and SEC$ tables that are not added to the metadata extracted from the database.
- Only metadata created by the DBA should be added to the metadata extracted from the database.
- Removing the SRP plugin metadata from the metadata extracted from the database can help reduce risks related to the CORE6409 issue.
STEPS TO REPRODUCE THE ISSUE
1- Make sure that the FirebirdSQL 3.0 service is NOT running:
net stop FirebirdServerDefaultInstance
2- Run the following command to create the TEST database:
ECHO SET SQL DIALECT 3;CREATE DATABASE 'TEST' PAGE_SIZE 8192 DEFAULT CHARACTER SET WIN1252; | "C:\Program Files\Firebird\Firebird_3_0\isql.exe" -user SYSDBA
3- Run the following command to create the SYSDBA user inside the TEST database using the SRP plugin:
ECHO CREATE OR ALTER USER SYSDBA SET PASSWORD 'masterkey' USING PLUGIN SRP;COMMIT; | "C:\Program Files\Firebird\Firebird_3_0\isql.exe" -user SYSDBA "TEST"
4- Run the following command to extract the TEST database metadata (See: SRP_DDL.SQL attached):
"C:\Program Files\Firebird\Firebird_3_0\isql.exe" -user SYSDBA -extract -output "SRP_DDL.SQL" "TEST"
OTHER INFORMATION
- Please see the "[firebird-support] Firebird 3.0 - About PLG$SRP table and PLG$SRP_VIEW view" discussion on mailto:firebird-support@googlegroups.com.
Submitted by: @luronumen
Duplicates CORE6147
Attachments:
SRP_DDL.SQL
CORE-6410_SRP_DDL.SQL
ACTUAL RESULT
- The SRP plugin metadata (PLG$SRP table, PLG$SRP_VIEW view and all its permissions) are wrongly added to the metadata extracted from the database.
EXPECTED RESULT
- The SRP plugin metadata (PLG$SRP table, PLG$SRP_VIEW view and all its permissions) should NOT be added to the metadata extracted from the database.
- The SRP is a native plugin for Firebird 3.0 and its metadata (PLG$SRP table, PLG$SRP_VIEW view and all its permissions) should work like MON$, RDB$ and SEC$ tables that are not added to the metadata extracted from the database.
- Only metadata created by the DBA should be added to the metadata extracted from the database.
- Removing the SRP plugin metadata from the metadata extracted from the database can help reduce risks related to the CORE6409 issue.
STEPS TO REPRODUCE THE ISSUE
1- Make sure that the FirebirdSQL 3.0 service is NOT running:
net stop FirebirdServerDefaultInstance
2- Run the following command to create the TEST database:
ECHO SET SQL DIALECT 3;CREATE DATABASE 'TEST' PAGE_SIZE 8192 DEFAULT CHARACTER SET WIN1252; | "C:\Program Files\Firebird\Firebird_3_0\isql.exe" -user SYSDBA
3- Run the following command to create the SYSDBA user inside the TEST database using the SRP plugin:
ECHO CREATE OR ALTER USER SYSDBA SET PASSWORD 'masterkey' USING PLUGIN SRP;COMMIT; | "C:\Program Files\Firebird\Firebird_3_0\isql.exe" -user SYSDBA "TEST"
4- Run the following command to extract the TEST database metadata (See: SRP_DDL.SQL attached):
"C:\Program Files\Firebird\Firebird_3_0\isql.exe" -user SYSDBA -extract -output "SRP_DDL.SQL" "TEST"
OTHER INFORMATION
- Please see the "[firebird-support] Firebird 3.0 - About PLG$SRP table and PLG$SRP_VIEW view" discussion on mailto:firebird-support@googlegroups.com.
ENVIRONMENT SETUP
firebird.conf
#SETUP
UserManager = Srp, Legacy_UserManager
WireCrypt = Enabled
databases.conf
TEST = D:\APPLICATIONS\LURONUMEN\DB\TEST.FDB
{
AuthServer = Srp
SecurityDatabase = TEST
UserManager = Srp
}
The text was updated successfully, but these errors were encountered: