[Info-Ingres] The never ending database name, JDBC and other stories.
Peter Gale
pgale61 at gmail.com
Wed Apr 18 08:17:32 CDT 2007
Hi Marty,
On 18/04/07, martin.bowes at ctsu.ox.ac.uk <martin.bowes at ctsu.ox.ac.uk> wrote:
>
> Hi Peter,
> > Hi everyone,
> >
> > Is it just me or is this not a major security issue.
> You have to have access to each vnode, plus final authentication
> permission on the database and its tables, so it's probably not as bad as
> you may think. But I'd hate to guarantee that every vnode ever set up was
> intended to be okay in all cases like this. Or for that matter what the
> final username would be when it came to authenticating.
Yes indeed, it all has to hang together; the potential is there, and as far as
security goes a potential hole is a real hole.
>
> > sql vnode:vnode:vnode:.......:dbname
> >
> > seems to work quite happily (performance aside). This means a client
> > which is allowed to connect to Server A but not Server B could connect
> > to B if A can connect to B and A happens to have a vnode to B.
> >
> > sql serverA::serverB::iidbdb
> >
> > In fact we just proved that where I am. What is worse is that if the
> > vnode from A to B just happened to use the DBA username and PWD to
> > authorize then you could do all sorts of serious harm.
>
> Even better try this; break the serverB vnode so it doesn't work.
> The sql serverA::serverB::iidbdb will connect - without error - to
> serverA::iidbdb
>
> Isn't this fun!
> >
> > Not good
> I'd say we should ask IngresCorp to stamp it out.
Absolutely we should. Hopefully Paul is raising the necessary paperwork as
we speak?
Marty
> --
> Random Farscape Quote #2:
> Aeryn - Who knows, we might end up making things better.
> John - With our record, do you think that's likely?
>
>
--
Peter Gale
pgale61 at gmail.com
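The hop-chaining described in this message (a client permitted to reach serverA riding serverA's own vnode on to serverB, and on to iidbdb) is easiest to reason about if you can pull the hops out of a connection target and compare them with what the client is actually allowed to reach. The following is an added example, not code from the thread or from Ingres: it parses targets of the `vnode::vnode::dbname` form shown above and flags chained targets, hops outside an allowed set, and targets aimed at iidbdb. The `/server_class` suffix handling and the sample target strings are assumptions and constructed input, not something the thread states.

```python
"""Flag chained (multi-hop) Ingres vnode connection targets.

Added example; not code from the Info-Ingres thread or from Ingres itself.
Assumes the target syntax shown in the thread, vnodeA::vnodeB::...::dbname,
plus an optional /server_class suffix on the database name (an assumption
about the format, not something the thread states).
"""
from dataclasses import dataclass
from typing import Dict, List, Set

SYSTEM_CATALOG_DB = "iidbdb"  # the system database named in the thread


@dataclass(frozen=True)
class Target:
    hops: List[str]      # vnodes traversed in order; empty for a local db
    dbname: str
    server_class: str    # "" when no /server_class suffix was given


def parse_target(raw: str) -> Target:
    """Split 'vnodeA::vnodeB::db/class' into its hops and database."""
    raw = raw.strip()
    if not raw:
        raise ValueError("empty target")
    parts = raw.split("::")
    hops, db = parts[:-1], parts[-1]
    if not db or any(not h for h in hops):
        raise ValueError(f"malformed target: {raw!r}")
    dbname, _, server_class = db.partition("/")
    return Target(hops=hops, dbname=dbname, server_class=server_class)


def review_target(raw: str, allowed_vnodes: Set[str]) -> List[str]:
    """Return findings for one target; an empty list means nothing to flag.

    allowed_vnodes is the set of vnodes this client may reach directly.
    A chained target is flagged even when every hop is individually allowed,
    because the second and later hops are authorised by the intermediate
    server's vnode credentials, not by the client's own.
    """
    t = parse_target(raw)
    findings = []
    if len(t.hops) > 1:
        findings.append(
            f"chained: {' -> '.join(t.hops)} reaches {t.dbname} "
            f"using the vnode credentials stored on {t.hops[0]}"
        )
    for hop in t.hops:
        if hop not in allowed_vnodes:
            findings.append(f"hop {hop} is not in the client's allowed vnodes")
    if t.dbname == SYSTEM_CATALOG_DB:
        findings.append(f"target is the system catalog database {SYSTEM_CATALOG_DB}")
    # Caveat from the thread: when an intermediate vnode is broken the
    # connection silently falls back to the last working hop, so the string
    # alone does not prove which database was actually reached; confirm the
    # session on the server side before treating a clean result as safe.
    return findings


def audit(targets: List[str], allowed_vnodes: Set[str]) -> Dict[str, List[str]]:
    """Review a batch of targets (e.g. pulled from client logs)."""
    return {raw: review_target(raw, allowed_vnodes) for raw in targets}


# Constructed sample targets, not taken from any real log.
CONSTRUCTED_TARGETS = [
    "mydb",
    "serverA::mydb",
    "serverA::serverB::iidbdb",
    "serverA::serverB::serverC::payroll/ingres",
]

if __name__ == "__main__":
    for raw, findings in audit(CONSTRUCTED_TARGETS, {"serverA"}).items():
        print(raw, "->", findings or "ok")
```

The allowed set stands in for whatever the site's own record of permitted client-to-vnode access is; the check is deliberately conservative and flags every chained target, since the thread's point is that the chain works even when the client was never given access to the later hops.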