On 01-06-2020 11:57, Alex Peshkoff via Firebird-devel wrote:
Legacy approach of pre-initializing with well known to the world
password is very bad idea. Not to tell much words about security - have
you ever seen unix distro with pre-initialized root password?
Our installers all try to do the best possible to initialize SYSDBA.
What about completely automatic initialization - yes, we can do it and
save new random SYSDBA password to firebird.log. But I doubt that this
is better solution compared with existing - how can novide guess where
to search for that password?
I'm not talking about creating a user, I'm talking about initializing
the security database so the necessary tables for SRP already exist.
That should not necessitate the creation of a user (and if it currently
technically does require that, then that is a deficiency that should be
addressed).
Mark
--
Mark Rotteveel
Firebird-Devel mailing list, web interface at
https://lists.sourceforge.net/lists/listinfo/firebird-devel
