On 12/20/11 14:06, Dimitry Sibiryakov wrote: > 20.12.2011 7:30, Alex Peshkoff wrote: >> Returning to that useful idea - the problem is that when the warning can >> be returned password was already passed to the net in legacy unsafe >> form. > But here you are saying that legacy form is unsafe. AFAIR it is considered > quite safe > since version 2.0 because of using SHA1.
In 2.0 it became better, but mainly not due to use of SHA, but due to correctly closed from foreign eyes security database. (In 1.X one could read all hashes from it having just any non-SYSDBA login.) The main problem with 2.X is that passwords are transferred over the net in poor crypted form, moreover - one can easily use that form as password in any application after modifying a few lines in client library. ------------------------------------------------------------------------------ Write once. Port to many. Get the SDK and tools to simplify cross-platform app development. Create new or port existing apps to sell to consumers worldwide. Explore the Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join http://p.sf.net/sfu/intel-appdev Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
