On 19/05/2016 14:48, Adriano dos Santos Fernandes wrote:
> On 19/05/2016 13:53, Alex Peshkoff wrote:
>> You know yourself that for embedded connections on an open source product 
>> any credential validation is not reliable - everyone can rebuild the 
>> required dynamic library, commenting out 2-3 lines where needed, and 
>> become SYSDBA. I think that the only reliable thing for embedded is the 
>> rights of the OS user. Use of them to check access to the host filesystem 
>> appears native.
>>
> 
> This is true only if you don't consider newer security methods, for
> example, Java code, and, even though I know nothing about it, SE-Linux /
> AppArmor etc.
> 
> If the Java code or other security method can prevent the user code from
> writing to the file system and FB memory space, it can be constrained by
> logical security control, which just does not exist in the embedded
> library if you think only in the "it's in the same machine so there is
> no security" way.
> 

At the same time, the FB/Java plugin code (not user code), which was
installed by the sysadmin, needs to connect to java-security.fdb and the
user's current database without a password.


Adriano

Firebird-Devel mailing list, web interface at 
https://lists.sourceforge.net/lists/listinfo/firebird-devel
