> -----Original Message----- > From: Adriano dos Santos Fernandes [mailto:[email protected]] > Sent: Jueves, 20 de Marzo de 2014 21:34 > > On 20-03-2014 18:38, Claudio Valderrama C. wrote: > > - Using ATT_gbak_attachment is a security risk, but I don't > know how to > > solve it. I think this should be replaced by a role, > BACKUP_OPERATOR and of > > course, this role is checked against the active user, not a > program saying > > "I'm gbak". Anybody pretending to be gbak can screw sys > tables or read more > > data than desired. > > At least for the write operations, can't isc_dpb_gbak_attach > be changed > to allow them only when used with create_database (and not with > attach_database)?
This is an interesting solution that requires some minutes only to be implemented. I already checked in one case whether we are creating the db, so if we are in VIO_erase or VIO_modify and this condition in pseudo code is true not creating() and (ATT_gbak_attachment is active) then we call protect_sys_table(..., true). C. ------------------------------------------------------------------------------ Learn Graph Databases - Download FREE O'Reilly Book "Graph Databases" is the definitive new guide to graph databases and their applications. Written by three acclaimed leaders in the field, this first edition is now available. Download your free book today! http://p.sf.net/sfu/13534_NeoTech Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
