On 05/24/13 16:21, Thomas Beckmann wrote: > Am Fri, 24 May 2013 16:06:39 +0400 > schrieb Alex Peshkoff <peshk...@mail.ru>: > >> On 05/24/13 15:51, Dimitry Sibiryakov wrote: >>> 24.05.2013 13:44, Alex Peshkoff wrote: >>>> It's possible to show all users. The problems are: >>>> 1. What to do when modify or delete someuser is issued, and someuser is >>>> present in >1 plugin? >>>> 2. What plugin to be called when adding new user? >>> 1a) Modify or delete all of them. Deleting user, DBA want to prevent him >>> from being able >>> to log in. The only way to get that - delete all of them >>> 1b) Add syntax to indicate complete info: user@plugin for example. Of >>> course, plugin name >>> should be shown in list. >> Deleting all of them makes sense. Modifying is very bad - this may >> compromise password in Srp, at least first 8 symbols of it. Supposing >> that sooner or later Legacy plugin will be gone. > Well, first: Are all plugins available to the engine at all time and > one is just chosen bei the user? If so, can't the password be encoded > by every plugin as if it would be the one actually chosen by the user?
This makes plugins better than Legacy almost useless. Legacy auth transfers passwords almost palin over the wire, making it too easy to be captured by 3d party. And knowing first 8 bytes of password makes finding the rest (provided password is longer than 8 bytes) much easier. > Second: Remember the the use case, that led to this question - we are > attaching a FB3.0-database by FB2.5 execute statement on external (or > vice versa), a use case, that might be valid for the next couple of > years... Once again - legacy auth process and today security requirements are incompatible. ------------------------------------------------------------------------------ Try New Relic Now & We'll Send You this Cool Shirt New Relic is the only SaaS-based application performance monitoring service that delivers powerful full stack analytics. Optimize and monitor your browser, app, & servers with just a few lines of code. Try New Relic and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
