LeTay
asked on
Firebird server vulnerability ?
I have at home a Firebird server installed on my PC
It is accessible from the internet.
I developped a simple application for friends.
I didn't change the default admin and password account of the DB that can be accessed.
Is there some vulnerability involved ?
I mean, if somebody connects to it with for example SQL Manager Lite, can he do something else than "play" with the data inside that database ?
It is accessible from the internet.
I developped a simple application for friends.
I didn't change the default admin and password account of the DB that can be accessed.
Is there some vulnerability involved ?
I mean, if somebody connects to it with for example SQL Manager Lite, can he do something else than "play" with the data inside that database ?
ASKER
Understood.
Now how do I dedicate a specific user to access it ?
Now how do I dedicate a specific user to access it ?
Simply create a new user in your Windows (Control Panel - User Accounts) and assign this user to the Firebird service. This user must not be an administrator and it must have full access to the data folder and all parts of your system used by Firebird. More about installation and security is here: http://www.firebirdsql.org/manual/qsg2-config.html
Also your friends should use newly created Firebird user names and their own passwords not the SYSDBA with masterkey.
Also your friends should use newly created Firebird user names and their own passwords not the SYSDBA with masterkey.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Can you refresh my mind about the way to setup an account and password in a firebird database ?
Thanks
Thanks
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
OK, possible computer data damage depends on the user under which is Firebird running on the server (your computer). If the PC user has sufficient rights and the person attacking the computer is experienced enough then your computer is not safe. Firebird supports external UDFs which can do almost anything...
OTOH, are your friends experienced enough in computer hacking? Probably not. Do you know their friends? Probably not... etc.
So assign the Firebird to a dedicated user which can access just the Firebird data and the rest of computer is moreless safe.