On 2/24/19 10:52 AM, Mark Rotteveel wrote:
On 23-2-2019 20:56, Lester Caine wrote:
On 23/02/2019 19:21, Paul Reeves wrote:
It is linked to the fact that rpm installs don't allow
interaction at install time, so the security database is not
initialised.
IIRC, rpm install 2.5 used to initialize security database using
random password for sysdba. Was it changed in 3.0?
I only know the suse packages. The security db was left unitialised.
The fresh install using the packages currently supported by SUSE Leap
15.0 defaults to 'masterke',
Shame on them...
and as always the first thing I do is change that via flamerobin.
The security database inside the distribution is already initialized
with a Legacy_Auth SYSDBA only. I'm not sure why the same can't be
done for SRP (or at least: isn't done for SRP).
First half of an answer is very simple - in order to avoid network
server running with SYSDBA/masterkey login in default configuration.
Looking at this discussion I once again notice that this protection is
rather efficient :)
And that has been done in this case. My problem with the
'Compatibility chapter' on the previous install was that I was unable
to access the database until I REMOVED Srp from the config file. I
have no worries about the legacy system being 'less secure' simply
because the only application accessing it is PHP on a local network
link and I don't need any more than that so why should I have to do
any more than getting a single user working?
The problem is essentially
http://tracker.firebirdsql.org/browse/CORE-5485 which Alex doesn't
consider to be a bug.
If you create a single Srp user, this will go away. And you have to
create a user (or users) anyway for your application(s), so why not
just use Srp for that?
To be precise - if some application does not use firebird's access
rights control (it's using same login for all attaches) and you are
quite sure in reliability of infrastructure protecting server running
firebird from undesired access I see no reason to use srp. Legacy plugin
is faster - needs less CPU to establish connection. But in this case
what's a need to add more plugins to configuration file?
Firebird-Devel mailing list, web interface at
https://lists.sourceforge.net/lists/listinfo/firebird-devel