Firebird Documentation IndexFirebird 2.1 Release NotesSecurity → Other Security Improvements
Firebird Home Firebird Home Prev: For Any PlatformFirebird Documentation IndexUp: SecurityNext: Dealing with the New Security Database

Other Security Improvements

isc_service_query() wrongly revealed the full database file spec
Any user could view the server log through the Services API

isc_service_query() wrongly revealed the full database file spec

Feature request CORE-1091

(V.2.1) When the server is configured "DatabaseAccess = None", isc_service_query() would return the full database file path and name. It has been corrected to return the database alias—one more argument in favour of making the use of database aliases standard practice!

Any user could view the server log through the Services API

Feature request CORE-1148

This was a minor security vulnerability. Regular users are now blocked from retrieving the server log using the Services API. Requests are explicitly checked to ensure that the authenticated user is SYSDBA.

Prev: For Any PlatformFirebird Documentation IndexUp: SecurityNext: Dealing with the New Security Database
Firebird Documentation IndexFirebird 2.1 Release NotesSecurity → Other Security Improvements