On 12/19/11 21:43, Dimitry Sibiryakov wrote:
> 19.12.2011 17:58, Alex Peshkoff wrote:
>> but here security problem
>> comes. User will not know, does he work with new server (using secure
>> channel) or with old one (insecure channel).
> Make isc_attach_database() to return warning if insecure channel is used.
>
Returning to that useful idea - the problem is that by the time the warning can be returned, the password has already been passed to the net in legacy unsafe form. That's not too big a problem if this is a password for FB<3. The worst case is when the user mixed up two servers and used the password for an FB3 server with an older version. Yes, he gets a logon error and a warning together with it - but the password is already compromised. I do not want to say that we should not have such a warning. Certainly, we should have it. But unfortunately that's not a complete solution.

Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
