On 2/25/19 4:45 PM, Mark Rotteveel wrote:
On 25-2-2019 13:51, Alex Peshkoff via Firebird-devel wrote:
On 2/24/19 10:52 AM, Mark Rotteveel wrote:
The security database inside the distribution is already initialized with a Legacy_Auth SYSDBA only. I'm not sure why the same can't be done for SRP (or at least: isn't done for SRP).


The first half of the answer is very simple - in order to avoid a network server running with a SYSDBA/masterkey login in the default configuration. Looking at this discussion, I once again notice that this protection is rather efficient :)

Then let's change this question to why the security database in the distribution isn't initialized for SRP (i.e. having the PLG$SRP table, maybe other things needed). Would it be possible to initialize it as part of the distribution **without** having a user present? That at least would avoid the "Look at the compatibility chapter" error.

It will be very useful for a user who started to change the configuration file without understanding it to read an instruction instead of continuing in random order. Once again - if one includes SRP in the configuration, the security DB should contain at least one SRP user; if there are no users, why include it at all?


And given the default security database does contain a legacy auth with SYSDBA/masterke it is insecure anyway for people who'll enable Legacy_Auth.


If anyone himself changed the configuration to include the legacy plugin, he definitely gets an insecure configuration. Certainly I talk about the default configuration, which was already mentioned explicitly.



