> This makes plugins better than Legacy almost useless. Legacy auth 
> transfers passwords almost plain over the wire, making it too easy to be 
> captured by 3rd party. And knowing first 8 bytes of password makes 
> finding the rest (provided password is longer than 8 bytes) much easier.

I agree, Alex, but this workaround should only be necessary *if* there
is another plugin in use for this user - in this case, the
administrator already made the decision of using a maybe vulnerable
architecture.

> > Second: Remember the use case, that led to this question - we are
> > attaching a FB3.0-database by FB2.5 execute statement on external (or
> > vice versa), a use case, that might be valid for the next couple of
> > years...
> 
> Once again - legacy auth process and today security requirements are 
> incompatible.

Sure, but COBOL and today's software development paradigms are
incompatible too - but still, there's a lot of COBOL code out
there... ;-)

-- 
ASSFINET Dienstleistungs-GmbH

Wielandstraße 14c  *  23558 Lübeck
Tel +49 (04 51) 399 04 - 555 * Fax +49 (04 51) 399 04 -529
Mail thomas.beckm...@assfinet.de *  Web http://www.assfinet.de

Managing Director: Marc Rindermann  Registration court: Koblenz-HRB 23 331


Firebird-Devel mailing list, web interface at 
https://lists.sourceforge.net/lists/listinfo/firebird-devel
