A client side key really needs to be sent over an encrypted connection, but establishing a session key is more than a little tricky. SSL, for example, uses public key encryption to pass random session keys where the public key is on a certificate signed by a recognized authority. Requiring certificates for Firebird would not, I fear, be administrator friendly. But without robust authentication of the server, handshake schemes are vulnerable to man in the middle attacks.

But speaking of man in the middle attacks (and thoroughly off-topic), did everyone see the papers on the successful attack on chip-based smart/credit cards? The bad guys inserted a programmable chip between the contacts on the card and the chip on a stolen card. When the terminal asked the card to validate a PIN, the chip-in-the-middle always said yup. Smart crooks (semi-smart -- they used all their stolen cards at the same stores), really dumb security design.

On 11/6/2015 9:59 AM, Dimitry Sibiryakov wrote:
> Hello, All.
>
> Example application works for embedded database access, but not for remote. Is it as expected?
>

------------------------------------------------------------------------------
Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
