> -----Oprindelig meddelelse----- > Fra: Paul Reeves [mailto:pree...@ibphoenix.com] > Sendt: 17. juli 2013 12:00 > Til: For discussion among Firebird Developers > Emne: Re: [Firebird-devel] gsec-issues with FB3.0 > > On Tuesday 16 July 2013 15:17:49 Alex Peshkoff wrote: > > > On 07/15/13 18:19, Paul Reeves wrote: > > > One problem I found is that I couldn't log in to an FB3 server on > > > windows from a linux fb2.5 client. How is that done without the > > > legacy authentication? > > > > No way. From any client <3.0 from any OS (not only linux). > > And this is by design. We have to make that step or we will always > > have to stay with that 8-byte passwords. > > So we need to get the message across that using the old security means > staying with 8-byte passwords, ie almost no security. > > > > Certainly in A1 security is not real goal :-) > > But let's have an exact plan - when do we start to use SRP by default? > > > My feeling is that we should support click-through install on windows with > SYSDBA/masterkey for alpha and beta. And that from RC1 we disable that as > a > default (but users can choose the option if they wish.)
This will be a smart move as testing by "swapping" versions will be a lot easier. But I also strongly support that backwards compatibility with things that we actually want to abandon should not be the strongest priority! FB3 is new stuff - with the good things from the past remaining, and the bad ones at least properly hidden away! Just like wire encryption to my understanding is a must as default security feature in the final version. Best regards Poul ------------------------------------------------------------------------------ See everything from the browser to the database with AppDynamics Get end-to-end visibility with application monitoring from AppDynamics Isolate bottlenecks and diagnose root cause in seconds. Start your free trial of AppDynamics Pro today! http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
