Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

optionally disable non SYSDBA use of Server API [CORE787] #1171

Closed
firebird-automations opened this issue Jan 24, 2005 · 10 comments
Closed

optionally disable non SYSDBA use of Server API [CORE787] #1171

firebird-automations opened this issue Jan 24, 2005 · 10 comments

Comments

@firebird-automations
Copy link
Collaborator

Submitted by: tectsoft (tectsoft)

SFID: 1108190#⁠
Submitted By: tectsoft

Would be nice if FB had the option to disable non
SYSDBA use of the server API.

Currently any user can view active
databases/connected users, this is not necesarily a
good thing especially in an ISP environment

Commits: e2ab4df

@firebird-automations
Copy link
Collaborator Author

Commented by: Alice F. Bird (firebirds)

Date: 2005-09-03 12:48
Sender: tectsoft
Logged In: YES
user_id=1154545

FYI I was thinking for use by ISP, typically it wouldn't be
a good idea to let non SYSDBA see other users or currently
attached databases.

@firebird-automations
Copy link
Collaborator Author

Commented by: Alice F. Bird (firebirds)

Date: 2005-09-01 12:33
Sender: alexpeshkoff
Logged In: YES
user_id=423445

Let's prepair complete list. I don't see problems doing it
in 2.0

@firebird-automations
Copy link
Collaborator Author

Commented by: Alice F. Bird (firebirds)

Date: 2005-08-31 18:52
Sender: dimitr
Logged In: YES
user_id=61270

First, some Services API requests should check the admin
privileges. Candidates are: isc_info_svc_svr_db_info,
isc_info_svc_user_dbpath and perhaps some others.

Second, I'd suggest that isc_database_info() should return
only one username if the isc_info_user_names request is
performed by non-admin user.

@firebird-automations
Copy link
Collaborator Author

Modified by: @pcisar

issuetype: New Feature [ 2 ] => Improvement [ 4 ]

SF_ID: 1108190 =>

@firebird-automations
Copy link
Collaborator Author

Modified by: @dyemanov

Component: Security [ 10071 ]

SF_ID: 1108190 =>

@firebird-automations
Copy link
Collaborator Author

Commented by: @AlexPeshkoff

Disabled non-SYSDBA access to mentioned parts of API.

@firebird-automations
Copy link
Collaborator Author

Modified by: @AlexPeshkoff

status: Open [ 1 ] => Resolved [ 5 ]

resolution: Fixed [ 1 ]

Fix Version: 2.1 Beta 1 [ 10141 ]

SF_ID: 1108190 =>

@firebird-automations
Copy link
Collaborator Author

Modified by: @pcisar

status: Resolved [ 5 ] => Closed [ 6 ]

@firebird-automations
Copy link
Collaborator Author

Modified by: @pcisar

Workflow: jira [ 10811 ] => Firebird [ 15236 ]

@firebird-automations
Copy link
Collaborator Author

Modified by: @pavel-zotov

QA Status: No test

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants