On 09/09/2015 05:19 PM, Mark Rotteveel wrote: > On 9-9-2015 16:09, Alex Peshkoff wrote: >> On 09/09/2015 01:54 PM, Mark Rotteveel wrote: >>> Looking through the code in interface.cpp, there seem to be two new >>> authentication mechanisms in Firebird 3, one in the op_connect (with >>> CNCT_specific_data), and again one in op_attach with the DPB; they use >>> the same or similar data, but two different ways of using. >>> >>> Why is this? Wouldn't it have been simpler to implement only one >>> authentication mechanism (besides the classic mechanism) and stick with >>> that? >>> >>> Mark >> FB3 supports use of multiple authentication plugins. It may happen (when >> no encryption is used) that first one works at connect stage, next >> starts at attach stage and later follows exchange with auth data until >> authentication success (or failure). This saves roundtrips when attaching. > Thanks for the explanation. This sort of things makes implementing an > equivalent authentication mechanism a lot harder. I would very much have > preferred a single mechanism (even though if they look and work > similar).
I've so many times read/heard about too slow firebird remote protocol compared with other SQL servers that tried to save roundtrips when/where possible ... > For now I will look if I can get away with only having it in > the connect stage. Client may skip sending any info at particular stage, server should just start op_cont_auth exchange in that case. Moreover - it can be forcely started by server before op_attach in a case when line to be encrypted. This ensures sending DPB contents using reliable encrypted connection, avoiding man-in-the-middle attacks on DPB/SPB. ------------------------------------------------------------------------------ Monitor Your Dynamic Infrastructure at Any Scale With Datadog! Get real-time metrics from all of your servers, apps and tools in one place. SourceForge users - Click here to start your Free Trial of Datadog now! http://pubads.g.doubleclick.net/gampad/clk?id=241902991&iu=/4140 Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel