On 6-4-2013 12:24, Dimitry Sibiryakov wrote: > 06.04.2013 11:51, Dmitry Yemanov wrote: >> 06.04.2013 13:42, Mark Rotteveel wrote: >> >>> The question is: if you don't have permissions for a column, are you >>> allowed to know of its existence? >> >> I suppose the answer is "yes". Simply because system tables are world >> readable and this is unlikely to be changed in the foreseeable future. > > +1 > > Security by obscurity is not really working. >
First of all, that isn't security through obscurity, secondly some security models posit that knowing of the existence of a dataitem can itself be a breach of security even if you don't know the content of that dataitem. But that is a bit too theoretical and is not really relevant for Firebird ;) Mark -- Mark Rotteveel ------------------------------------------------------------------------------ Minimize network downtime and maximize team effectiveness. Reduce network management and security costs.Learn how to hire the most talented Cisco Certified professionals. Visit the Employer Resources Portal http://www.cisco.com/web/learning/employer_resources/index.html Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
