On 02/07/15 16:32, liviusliv...@poczta.onet.pl wrote: > Hi, > > what security risk do you see with context vars? > Context vars are stored on server side - what i am missing here? > This so secure as secure is sending password at conection start time ;-)
Password is NOT sent at connection time when SRP is used. > I you secure transmision what problem? > > regards, > Karol Bieniaszewski > > -----Oryginalna wiadomość----- > From: Geoff Worboys > Sent: Saturday, February 07, 2015 1:20 AM > To: For discussion among Firebird Developers > Subject: Re: [Firebird-devel] Odp: execute statement on external role > > Simple? Well, I guess it is if I don't have any care about > security. But context variables are not the way to do this > sort of thing, load on demand from a secured table is a less > open way of dealing with such private data. > > But I got exactly what I wanted, without spreading passwords > around, with just a few lines of code in ExtDS.cpp, which > was simple enough for me. I don't know why the restriction > was coded originally, but removing it works and I can't see > any obvious downsides (I'm already using a lightly customised > build of Firebird for this application, so another small > change is not a problem to me). > > P.S. Thanks Alex for your input into this. > ------------------------------------------------------------------------------ Dive into the World of Parallel Programming. The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
