Interbase 6 still uses sysdba/masterkey and while you should always change
the password (if you care about security), those desperate to get in can
always reinstall IB and connect to your db using masterkey. This means they
can always manage to access a database if they can copy it. But that's not
a security problem as such - if you don't change the sysdba password or if
people have direct access to database files then you can't claim any sort of
security anyway (without disk-level encryption).
So what's the story with SQL7?
Cheers,
Carl
-----Original Message-----
From: Mark Derricutt [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 22 August 2000 8:32 AM
To: Multiple recipients of list database
Subject: [DUG-DB]: SQL7's blank password...
Well, the 'net currently in a nice flaming match over SQL7's blank
password discovery, an interesting read of posts on slashdot.org as well
the various threads on bugtraq (nice 'exploit' code from Herbless as
well).
Anyways, anyone here have any comments on this issue? I noticed that in
all of the postings there wasn't a mention of Interbase and its default
sysdba/masterkey password (is this the same for IB6?).
Mark
--
"We don't guarantee anything except that it will take up disk space..."
Apache 2.0alpha5 Disclaimer
Now Playing: Fates Warning - One
---------------------------------------------------------------------------
New Zealand Delphi Users group - Database List - [EMAIL PROTECTED]
Website: http://www.delphi.org.nz
---------------------------------------------------------------------------
New Zealand Delphi Users group - Database List - [EMAIL PROTECTED]
Website: http://www.delphi.org.nz
