Server does not validate correctness of user/password pair provided in EXECUTE
STATEMENT operator
-------------------------------------------------------------------------------------------------
Key: CORE-5082
URL: http://tracker.firebirdsql.org/browse/CORE-5082
Project: Firebird Core
Issue Type: Bug
Components: Engine
Affects Versions: 3.0 RC1
Reporter: Alexander Peshkov
Since FB3 regular password validation takes place in remote listener (network
server). This makes possible to execute arbitrary statement as any user
providing dummy password.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://tracker.firebirdsql.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
Firebird-Devel mailing list, web interface at
https://lists.sourceforge.net/lists/listinfo/firebird-devel
