Firebird can admit client connections to servers on POSIX platforms that bypass Firebird user authentication and use the operating system user and permissions scheme instead. It is a long-time feature that was inherited from InterBase virtually undocumented. Not knowing about it leaves a big security hole on POSIX platforms if the POSIX user access path is left wide open and the system admin mistakenly assumes that the security database is the ultimate gatekeeper.
It is not. When POSIX users log in without passing a Firebird user name and password, the authentication routine substitutes the current operating system identity for the Firebird user identity. If the operating system user has root privileges, be afraid—be very afraid.
In order for POSIX users to be allowed access to Firebird databases via their operating system user credentials, it is essential to define a trusted host relationship between the server and each client workstation. This translates to entries in /etc/host.equiv, or by other means, such as an .rhost file in the user’s home directory on the server.
The environment variables ISC_USER and ISC_PASSWORD must be eliminated from the system.
Firebird Related Interview Questions
|RDBMS Interview Questions||MySQL Interview Questions|
|Linux Interview Questions||Mac OS X Deployment Interview Questions|
|Windows Administration Interview Questions||Windows Server 2003 Interview Questions|
|SQL Interview Questions||NoSQL Interview Questions|
|Advanced C++ Interview Questions|
Introduction To Client/server Architecture
About Firebird Data Types
Date And Time Types
Blobs And Arrays
From Drawing Board To Database
Creating And Maintaining A Database
Firebird’s Sql Language
Expressions And Predicates
Querying Multiple Tables
Ordered And Aggregated Sets
Overview Of Firebird Transactions In
Programming With Transactions
Introduction To Firebird Programming
Developing Psql Modules
Error Handling And Events
Security In The Operating Environment
Configuration And Special Features
Interactive Sql Utility (isql)
Database Backup And Restore (gbak)
Housekeeping Tool (gfix)
Understanding The Lock Manager
All rights reserved © 2018 Wisdom IT Services India Pvt. Ltd
Wisdomjobs.com is one of the best job search sites in India.