On 18 Dec 2013 13:14:07 -0800, <[email protected]> wrote: > ---In [email protected], <mark@...> wrote: > >> Besides the documented limitation that passwords are 8 characters > > (Firebird 3 will lift that limitation), the connection protocol is not >> encrypted meaning that people can sniff the traffic and determine the >> password. > > Password is never passed over the wire in open form. It is encrypted by > client...
Yes, but that is still susceptible to a replay attack, so the fact that it is encrypted doesn't actually matter for someone with the will and means, and of course several alternative wire protocol implementations (eg Jaybird) don't actually encrypt the password. Mark
