On 01-06-2020 16:07, Alex Peshkoff via Firebird-devel wrote:
On 2020-06-01 16:54, Mark Rotteveel wrote:
On 01-06-2020 11:57, Alex Peshkoff via Firebird-devel wrote:
The legacy approach of pre-initializing with a password well known to the world is a very bad idea. Not to say too many words about security - have you ever seen a unix distro with a pre-initialized root password?

Our installers all try to do the best possible to initialize SYSDBA. What about completely automatic initialization - yes, we can do it and save a new random SYSDBA password to firebird.log. But I doubt that this is a better solution compared with the existing one - how can a novice guess where to search for that password?

I'm not talking about creating a user, I'm talking about initializing the security database so the necessary tables for SRP already exist. That should not necessitate the creation of a user (and if it currently technically does require that, then that is a deficiency that should be addressed).


That's trivial - but what do we win with that?

We prevent the entire subject of this discussion: an unnecessary error message about the installation not being complete where the normal 'Your user name and password are not defined. Ask your database administrator to set up a Firebird login.' error would suffice.

Mark
--
Mark Rotteveel


Firebird-Devel mailing list, web interface at 
https://lists.sourceforge.net/lists/listinfo/firebird-devel
