Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

optionally disable non SYSDBA use of Server API [CORE787] #1171

Closed
firebird-issue-importer opened this issue Jan 24, 2005 · 10 comments
Closed

optionally disable non SYSDBA use of Server API [CORE787] #1171

firebird-issue-importer opened this issue Jan 24, 2005 · 10 comments

Comments

@firebird-issue-importer

Submitted by: tectsoft (tectsoft)

SFID: 1108190#⁠
Submitted By: tectsoft

Would be nice if FB had the option to disable non
SYSDBA use of the server API.

Currently any user can view active
databases/connected users, this is not necesarily a
good thing especially in an ISP environment

Commits: e2ab4df

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Jun 14, 2006

Commented by: Alice F. Bird (firebirds)

Date: 2005-09-03 12:48
Sender: tectsoft
Logged In: YES
user_id=1154545

FYI I was thinking for use by ISP, typically it wouldn't be
a good idea to let non SYSDBA see other users or currently
attached databases.

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Jun 14, 2006

Commented by: Alice F. Bird (firebirds)

Date: 2005-09-01 12:33
Sender: alexpeshkoff
Logged In: YES
user_id=423445

Let's prepair complete list. I don't see problems doing it
in 2.0

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Jun 14, 2006

Commented by: Alice F. Bird (firebirds)

Date: 2005-08-31 18:52
Sender: dimitr
Logged In: YES
user_id=61270

First, some Services API requests should check the admin
privileges. Candidates are: isc_info_svc_svr_db_info,
isc_info_svc_user_dbpath and perhaps some others.

Second, I'd suggest that isc_database_info() should return
only one username if the isc_info_user_names request is
performed by non-admin user.

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Jun 16, 2006

Modified by: @pcisar

issuetype: New Feature [ 2 ] => Improvement [ 4 ]

SF_ID: 1108190 =>

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Jul 1, 2006

Modified by: @dyemanov

Component: Security [ 10071 ]

SF_ID: 1108190 =>

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Apr 19, 2007

Commented by: @AlexPeshkoff

Disabled non-SYSDBA access to mentioned parts of API.

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Apr 19, 2007

Modified by: @AlexPeshkoff

status: Open [ 1 ] => Resolved [ 5 ]

resolution: Fixed [ 1 ]

Fix Version: 2.1 Beta 1 [ 10141 ]

SF_ID: 1108190 =>

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Jun 20, 2007

Modified by: @pcisar

status: Resolved [ 5 ] => Closed [ 6 ]

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Jan 28, 2008

Modified by: @pcisar

Workflow: jira [ 10811 ] => Firebird [ 15236 ]

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Jan 19, 2016

Modified by: @pavel-zotov

QA Status: No test

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants