Relying on default user names can have unforeseen effects, such as unintentionally bestowing the privileges of the database owner, or even the server process owner, on ordinary users. It is strongly recommended that you have your server application enforce input of a user name and password before any calls are made to the Firebird server process.
Use Dedicated Servers
Avoid sharing the host machine with other services, especially vulnerable ones such as web and FTP servers that potentially invite anonymous logins. Shut down all services not required to run Firebird. On Windows, restrict network access to the Registry on database servers.
Use a Firewall
Placing your server machines behind a firewall is recommended, for obvious reasons. It may be less obvious that providing firewall protection to client processes is also a good idea. It is possible for a rogue user running on a trusted client machine to feed incorrect information to the server and gain privileged access to its databases. Windows clients are notoriously insecure.
A Linux/UNIX server can be configured to recognize trusted clients explicitly. From there, the server implicitly trusts a process running on a trusted client.
The Firebird 1.0.x code contains a large number of string copy operations that do not check the length of the data they are asked to copy. Some of these overruns may be triggerable externally, by passing large strings of binary data into SQL statements or by pushing random garbage into the server port (currently 3050). Exploiting unchecked copies of this kind is a common technique in malicious buffer overrun attacks intended to bring down servers.
These vulnerabilities are more easily exploited if the server and client processes are not running on trusted networks and/or are not adequately firewalled.
Defensive programming can help to pre-empt denial-of-service (DoS) attacks on your system. Validating the lengths of strings from web input, for example, may be extremely useful.
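One way to apply the length validation described above in a server application, as an added example that is not part of the original page or of Firebird's own code. The function name `validate_field`, the `FIELD_MAX` limit of 31 bytes and the sample input are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed limit: declared length of the target column (hypothetical). */
#define FIELD_MAX 31

enum field_status { FIELD_OK = 0, FIELD_TOO_LONG, FIELD_BAD_BYTE, FIELD_BAD_ARG };

/*
 * Validate a raw request field before it is used in any SQL statement.
 * `in` is not assumed to be NUL-terminated: the caller passes the byte
 * count reported by the web layer, so an embedded NUL cannot hide data.
 * On success `out` holds a NUL-terminated copy; on failure it is empty.
 * Overlong input is rejected, never silently truncated.
 */
enum field_status validate_field(const unsigned char *in, size_t in_len,
                                 char *out, size_t out_cap)
{
    size_t i;

    if (in == NULL || out == NULL || out_cap == 0)
        return FIELD_BAD_ARG;
    out[0] = '\0';

    /* Length check first, against both the column limit and the buffer. */
    if (in_len > FIELD_MAX || in_len >= out_cap)
        return FIELD_TOO_LONG;

    /* Reject NUL, control bytes and DEL: binary data does not belong here. */
    for (i = 0; i < in_len; i++) {
        if (in[i] < 0x20 || in[i] == 0x7f)
            return FIELD_BAD_BYTE;
    }

    memcpy(out, in, in_len);   /* bounded: in_len < out_cap was checked */
    out[in_len] = '\0';
    return FIELD_OK;
}

int main(void)
{
    char name[FIELD_MAX + 1];
    /* Constructed sample input standing in for a web form field. */
    const unsigned char sample[] = "SYSDBA";
    enum field_status st = validate_field(sample, sizeof sample - 1, name, sizeof name);
    printf("%d %s\n", (int)st, name);
    return st == FIELD_OK ? 0 : 1;
}
```

Run the check on every field at the point where the request enters the application, before any call is made to the Firebird server process, and pass accepted values as statement parameters.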
All rights reserved © 2018 Wisdom IT Services India Pvt. Ltd