On 8/9/22 17:14, Pavel Cisar wrote:
> Hi,
>
> On 09. 08. 22 at 6:33, Alex Peshkoff via Firebird-devel wrote:
>>> Why does this restriction exist?
>> Because the login / password are to be validated in the database that does
>> not exist yet. Therefore the password check fails and you can't attach to
>> the server. Without a connection to the server it's hard to create something on
>> it ;)
> I really don't understand WHY it's necessary to authenticate user
> against some database for *create database*.
The user is to be authenticated to avoid creation of databases by unknown
connections. Your question contains very right words - "against some
database". When authentication is done using a dedicated security database,
nobody says - do not perform authentication for 'create database'. But
when self database is used - for some reason that appears extra. One sample -
imagine a case when the admin created a new alias, and the user for whom the alias was
created should create the database himself. Meanwhile a malicious user
connects to the server w/o authentication and creates that database himself.
Next he adds his login, with a password known only to him, to the newly created
database (why not - he is DBO), and the user for whom the alias was created can't
connect to that database.
> It's definitely not necessary to provide any kind of database
> reference to attach to service manager.
Because by default we use the default security.db.
> I understand that create database also works as connect (i.e. returns
> attachment to database),
To be precise - to execute any of CONNECT or CREATE one should first of
all establish a connection with the server, and valid credentials are needed at
this step. If credentials are passed but should be validated against a
missing database - the server can't check if they are valid or not.
> so it will use the same credentials for such connection to created
> database in normal way, but to authenticate the right to invoke the
> database creation itself, no database should be needed (like it's not
> needed for attachment to service manager).
Try to attach to service manager and do something with any self-security
database. You will see that it's also impossible.
*Pavel & Pavel!*
I understand you have some problems with the testing system due to the inability
to create a self-security database remotely. But I do not understand how
not checking credentials at all, i.e. letting everyone create databases,
could be suggested as a solution. That's like letting everyone attach to the server and
enter the SYSDBA password when the security database failed to initialize properly
at the install phase for some reason. We have been fighting for FB security for
many years (almost twenty) and it's very strange for me to hear such
suggestions. We added a special privilege for create database in order to
avoid creation of databases by regular users. And after that, a suggestion to
let everyone do it - at least for some databases...
I can think about letting a user, authenticated in the default security
database with appropriate privileges, create self-security databases remotely.
But definitely not what was suggested.
Alex.
Firebird-Devel mailing list, web interface at
https://lists.sourceforge.net/lists/listinfo/firebird-devel