On 18-12-2013 17:43, lcampbell wrote: > We have a product, written in Delphi2010, which uses an IBObjects > TIBODatabase object to connect to a Firebird2.5 database. The > TIBODatabase object has properties for username & password, required to > connect. The passwords we're using (SysDBA & two user types) are random > alpha & non-alpha characters, 32-chars long. > > We have reason to suspect (though no proof at this time) that the > security of our DB mayhave been compromised. In way of prevention, we're > putting the question out ... have there been known security issues in > the Delphi/IBO/Firebird chain? Is there an upper limit on FB password > length? Are there ways to further improve our security? Any insight > would be helpful...
Besides the documented limitation that passwords are 8 characters (Firebird 3 will lift that limitation), the connection protocol is not encrypted meaning that people can sniff the traffic and determine the password. Mark -- Mark Rotteveel
