Hi,

On 09. 08. 22 at 17:02, Alex Peshkoff via Firebird-devel wrote:
> *Pavel & Pavel!*

> I understand you have some problems with the testing system due to the inability to create a self-security database remotely. But I do not understand how it could be suggested as a solution not to check credentials at all, i.e. to let everyone create databases. That's like letting everyone attach to the server and enter a SYSDBA password when the security database failed to properly initialize at the install phase for some reason. We used to fight for FB security for many years (almost twenty) and it's very strange for me to hear such suggestions. We added a special privilege for create database in order to avoid creation of databases by regular users. And after that, a suggestion to let everyone do it - at least for some databases...

I did not suggest not authenticating the user! My question was why the user has to be authenticated AGAINST A YET TO BE CREATED database. It simply doesn't make sense at all to me. I would expect that for create database, the user would be authenticated in the same way as for attachment to the service manager. The reason is that the user does not need to have any prior valid attachment to call create database, so credentials passed for create database should be used to verify that such a database could be created for that user, but not the database specification itself! It should be used for connection to the created database, but not for creation. It's IMHO illogical that settings for a not yet created database are used to do that (which fails when the created db is self-security) instead of the default security database. The creation of a self-security db via local (i.e. bypass of the authentication check) is IMHO a hackish workaround that beats the purpose of security, because self-security databases could NOT ever be created in an insecure way.

> I can think about letting a user, authenticated in the default security database with appr. privileges, create self-security databases remotely. But definitely not what was suggested.

Yes, that was suggested, just probably wrongly worded. I thought that when referencing that the right to create database should be checked in the same way as attachment to the service manager (which does not use some database reference passed by the user to decide which security db to use) instead of a database that does not exist yet is quite clear.

best regards
Pavel


Firebird-Devel mailing list, web interface at 
https://lists.sourceforge.net/lists/listinfo/firebird-devel