Not really, but why is it a security hole? If I can create a database and
populate it, so what?
______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com
Only by denying the user access to the server by denying login privilege.
Art S. Kagel
Obnoxio The Clown wrote:
> From: Red Valsen <red_v...@yahoo.com>
> >
> >Is there any way to prevent a user (ANY user) from executing "create
> >database <databasename>"? We're using IDS7.30.UC2 & 7.23.UC1/Solaris
> >2.6/x86, but I'm sure this is a ubiquitous capability (security hole?)
> >on all Informix DB products.
>
Wonder if it will be part of the 9.2 product that is in beta testing at this
time ...
Red Valsen <red_v...@yahoo.com> wrote in message
news:37A1ABB1...@yahoo.com...
*I* might indeed, but *I* don't have access to your box, er, server, and
surely you would make it clear to any luser that did have access that
filling up your root dbspace is a career limiting move? :-)
>Obnoxio The Clown wrote:
>
> > From: Red Valsen <red_v...@yahoo.com>
> > >
> > >Is there any way to prevent a user (ANY user) from executing "create
> > >database <databasename>"? We're using IDS7.30.UC2 & 7.23.UC1/Solaris
> > >2.6/x86, but I'm sure this is a ubiquitous capability (security hole?)
> > >on all Informix DB products.
> >
This is a recognised security issue. It is currently slated to be addressed
in the
next major release of IDS after 9.2 (IDS.2000).
Chris
Red Valsen wrote in message <37A1ABB1...@yahoo.com>...
Obnoxio The Clown <obn...@hotmail.com> wrote in message
news:7o3r37$od6$1...@news.xmission.com...
>
> From: Red Valsen <red_v...@yahoo.com>
> >
> >You just might take a fancy to filling my rootdbspace for s&g.
>
> *I* might indeed, but *I* don't have access to your box, er, server, and
> surely you would make it clear to any luser that did have access that
> filling up your root dbspace is a career limiting move? :-)
>
> >Obnoxio The Clown wrote:
> >
> > > From: Red Valsen <red_v...@yahoo.com>
> > > >
> > > >Is there any way to prevent a user (ANY user) from executing "create
> > > >database <databasename>"? We're using IDS7.30.UC2 & 7.23.UC1/Solaris
> > > >2.6/x86, but I'm sure this is a ubiquitous capability (security
hole?)
> > > >on all Informix DB products.
> > >
Wow! I thought this thread was dead.
Anyway, someone who is malicious and capable of doing stuff like that when
leaving the company could probably do 1000's more evil things to you. If
he's got enough brains to do this, he can probably do far more damaging
things to you. Sure it's a potential problem, but it's not difficult to
repair and there are more pressing issues to worry about.
If you're hacked, filling up your disk is *way* down the list of fun things
they're going to do to you. rm -rf / is *much* more likely, and then you
have loads more disk space! Which is nice... :)