20.12.2011 10:30, Alex Peshkoff wrote: > Returning to that useful idea - the problem is that when the warning can > be returned password was already passed to the net in legacy unsafe > form. That's not too big problem if this is password for FB<3. The worst > case is when user mixed two servers and used password for FB3 server > with older version. Yes, he gets logon error and a warning together with > it - but password is already compromised.
Is it possible to skip SRP for protocol versions less than FB3's one? I.e. decide which auth method to use *after* getting a reply on op_connect? Dmitry ------------------------------------------------------------------------------ Write once. Port to many. Get the SDK and tools to simplify cross-platform app development. Create new or port existing apps to sell to consumers worldwide. Explore the Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join http://p.sf.net/sfu/intel-appdev Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
