On Wed, 08 Jan 2014 19:41:16 +0400, Alex <peshk...@mail.ru> wrote:

> On 01/08/2014 07:22 PM, Sergey Mereutsa wrote:
>> Hello Alex,
>>
>> ... skipped ...
>>
>> A> I.e. on my mind the presentation is about nothing.
>>
>> The presentation is about "If you have armed gun - you can shut your
>> leg" :)
>>
>> I think, the main message idea from Marius is about default security -
>> i.e. by default FB after installation should not allow
>> _unprivileged_ user to make shot in his/her legs :)
>>
>
> But all samples provided _do_ require privileged user (sysdba or root) -
> maybe except
> CREATE DATABASE '<host>:<arbitrary non-existent path>';
> Currently everyone can create new DB and become its DBO.
> That's what will be changed in fb3 before beta1.

He simply demonstrates that once you 'own' a Firebird server, you can use that to further exploit/hack into a server.

Mark

------------------------------------------------------------------------------
Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel