Hello Alex,
... skipped ...
A> I.e. on my mind the presentation is about nothing.
The presentation is about "If you have armed gun - you can shoot your
leg" :)
I think, the main message idea from Marius is about default security -
i.e. by default FB after installation should not allow
_unprivile
Hello Alex,
A> But all samples provided _do_ require privileged user (sysdba or root) -
A> maybe except
A> CREATE DATABASE ':';
A> Currently everyone can create new DB and become its DBO.
A> That's what will be changed in fb3 before beta1.
It is true only if server itself has access to the thi
08.01.2014 16:44, Mark Rotteveel wrote:
> He simply demonstrates that once you 'own' a Firebird server, you can use
> that to further exploit/hack into a server.
Perhaps, it is time to change default for DatabaseAccess parameter...
--
WBR, SD.
On Wed, 08 Jan 2014 19:41:16 +0400, Alex wrote:
> On 01/08/2014 07:22 PM, Sergey Mereutsa wrote:
>> Hello Alex,
>>
>> ... skipped ...
>>
>> A> I.e. on my mind the presentation is about nothing.
>>
>> The presentation is about "If you have armed gun - you can shoot your
>> leg" :)
>>
>> I think, the
On 01/08/2014 07:34 PM, Mark Rotteveel wrote:
> On Wed, 08 Jan 2014 19:13:02 +0400, Alex wrote:
>> On 01/07/2014 01:11 PM, marius adrian popa wrote:
>>> Notes on database security assessment
>>>
> http://www.slideshare.net/qqlan/firebird-interbase-database-engine-hacks-or-rtfm
>> I see 2 kinds of s
On 01/08/2014 07:22 PM, Sergey Mereutsa wrote:
> Hello Alex,
>
> ... skipped ...
>
> A> I.e. on my mind the presentation is about nothing.
>
> The presentation is about "If you have armed gun - you can shoot your
> leg" :)
>
> I think, the main message idea from Marius is about default security -
>
On Wed, 08 Jan 2014 19:13:02 +0400, Alex wrote:
> On 01/07/2014 01:11 PM, marius adrian popa wrote:
>> Notes on database security assessment
>>
http://www.slideshare.net/qqlan/firebird-interbase-database-engine-hacks-or-rtfm
>>
>
> I see 2 kinds of samples - mixed DDL/DML statements and use of UDF
On 01/07/2014 01:11 PM, marius adrian popa wrote:
> Notes on database security assessment
> http://www.slideshare.net/qqlan/firebird-interbase-database-engine-hacks-or-rtfm
>
I see 2 kinds of samples - mixed DDL/DML statements and use of UDF.
It's well known and documented (can't provide a link bu
Notes on database security assessment
http://www.slideshare.net/qqlan/firebird-interbase-database-engine-hacks-or-rtfm