From: Milan B. <mi...@km...> - 2004-09-23 10:16:46
Jim Starkey wrote:
>> The reason is simple. It's easy to protect your network connection
>> from sniffers using any tool you like. But currently it's impossible
>> to protect from 'select user_name, password from users;', no 3rd-party
>> software will help you. Any user can read hashes of all others.
>> We can solve this problem only inside firebird, for example, making
>> hashes harder to brute-force.
>
> Ah, clearly you have never run a network of Linux servers. The life
> expectancy of an out-of-the-box Linux from a distro is about 72 hours.
> However, even without hackers, any PC user can put his ethernet board
> into promiscuous mode and get all traffic. And if you leave your LAN,
> every node on any IP routing can read your traffic. Do you really want
> to hand them your passwords?

That is easily eliminated by using stunnel or zebedee on the same server where the Firebird is run.

> If you don't believe in the strength of encryption, however, nothing
> works. For security design purposes, secure hash is presumed secure.
> In practice and known theory, SHA is secure. Loss of password over the
> wire is 10**10 more important than worrying that someone will break a
> secure hash.

But the loss on wire is very easy to prevent. I know I'm not one of the core developers, but I wouldn't like Firebird to implement any SSL, SSH or similar protocol. I like it to stay quick-small-fast DBMS.

Regards,

--
Milan Babuskov
http://fbexport.sourceforge.net
http://www.flamerobin.org
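
The stunnel approach mentioned in the message above, as an added example that is not part of the original post: a pair of stunnel configurations that carry Firebird's default port 3050 over TLS. It assumes stunnel 5.x option names; the host name, the tunnel port 3051 and all file paths are placeholders.

```ini
; ---- Database server: /etc/stunnel/stunnel.conf (placeholder path) ----
; Firebird itself should listen only on loopback so the cleartext
; port is unreachable from the network, e.g. in firebird.conf:
;   RemoteBindAddress = 127.0.0.1
[firebird]
; TLS listener exposed to the network (placeholder port)
accept  = 3051
; Decrypted traffic is handed to the local Firebird listener
connect = 127.0.0.1:3050
cert    = /etc/stunnel/firebird.pem
key     = /etc/stunnel/firebird.key

; ---- Client machine: /etc/stunnel/stunnel.conf (placeholder path) ----
[firebird-client]
client  = yes
; Applications connect to localhost:3050 as if the database were local
accept  = 127.0.0.1:3050
; Placeholder host name of the database server
connect = db.example.internal:3051
; Verify the server certificate; without this the tunnel stops passive
; sniffing but not an active man-in-the-middle
CAfile      = /etc/stunnel/ca.pem
verifyChain = yes
checkHost   = db.example.internal
```

Firebird event notifications use a separate auxiliary connection (RemoteAuxPort in firebird.conf), which this single tunnel does not cover.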