Issue Details (XML | Word | Printable)

Key: CORE-787
Type: Improvement Improvement
Status: Closed Closed
Resolution: Fixed
Priority: Major Major
Assignee: Alexander Peshkov
Reporter: tectsoft
Votes: 0
Watchers: 0
Operations

If you were logged in you would be able to see more operations.
Firebird Core

optionally disable non SYSDBA use of Server API

Created: 24/Jan/05 12:00 AM   Updated: 20/Jun/07 09:44 AM
Component/s: Security
Affects Version/s: None
Fix Version/s: 2.1 Beta 1

Time Tracking:
Not Specified

SF_ID: 1108190


 Description  « Hide
SFID: 1108190#
Submitted By: tectsoft

Would be nice if FB had the option to disable non
SYSDBA use of the server API.

Currently any user can view active
databases/connected users, this is not necesarily a
good thing especially in an ISP environment

 All   Comments   Work Log   Change History   Version Control   Subversion Commits      Sort Order: Ascending order - Click to sort in descending order
Alice F. Bird added a comment - 14/Jun/06 09:42 AM
Date: 2005-09-03 12:48
Sender: tectsoft
Logged In: YES
user_id=1154545

FYI I was thinking for use by ISP, typically it wouldn't be
a good idea to let non SYSDBA see other users or currently
attached databases.

Alice F. Bird added a comment - 14/Jun/06 09:42 AM
Date: 2005-09-01 12:33
Sender: alexpeshkoff
Logged In: YES
user_id=423445

Let's prepair complete list. I don't see problems doing it
in 2.0

Alice F. Bird added a comment - 14/Jun/06 09:42 AM
Date: 2005-08-31 18:52
Sender: dimitr
Logged In: YES
user_id=61270

First, some Services API requests should check the admin
privileges. Candidates are: isc_info_svc_svr_db_info,
isc_info_svc_user_dbpath and perhaps some others.

Second, I'd suggest that isc_database_info() should return
only one username if the isc_info_user_names request is
performed by non-admin user.

Alexander Peshkov added a comment - 19/Apr/07 04:38 AM
Disabled non-SYSDBA access to mentioned parts of API.