
"Create Database" Security Hole?


Red Valsen

Jul 30, 1999, 3:00:00 AM
Is there any way to prevent a user (ANY user) from executing "create
database <databasename>"? We're using IDS7.30.UC2 & 7.23.UC1/Solaris
2.6/x86, but I'm sure this is a ubiquitous capability (security hole?)
on all Informix DB products.


Obnoxio The Clown

Jul 30, 1999, 3:00:00 AM

From: Red Valsen <red_v...@yahoo.com>

Not really, but why is it a security hole? If I can create a database and
populate it, so what?



Art S. Kagel

Jul 30, 1999, 3:00:00 AM
to Red Valsen
Red Valsen wrote:
>
> Is there any way to prevent a user (ANY user) from executing "create
> database <databasename>"? We're using IDS7.30.UC2 & 7.23.UC1/Solaris
> 2.6/x86, but I'm sure this is a ubiquitous capability (security hole?)
> on all Informix DB products.

Only by denying the user access to the server by denying login privilege.

Art S. Kagel

Red Valsen

Jul 30, 1999, 3:00:00 AM
You just might take a fancy to filling my rootdbspace for s&g.

Obnoxio The Clown wrote:

> From: Red Valsen <red_v...@yahoo.com>
> >
> >Is there any way to prevent a user (ANY user) from executing "create
> >database <databasename>"? We're using IDS7.30.UC2 & 7.23.UC1/Solaris
> >2.6/x86, but I'm sure this is a ubiquitous capability (security hole?)
> >on all Informix DB products.
>

Clifton M. Bean

Jul 31, 1999, 3:00:00 AM
There is a feature request or bug number (or both) assigned to this item; at
least, I seem to remember this from my days in INFORMIX Technical Support.
I just cannot remember the number assigned to it.

Wonder if it will be part of the 9.2 product that is in beta testing at this
time ...

Red Valsen <red_v...@yahoo.com> wrote in message
news:37A1ABB1...@yahoo.com...

Obnoxio The Clown

Aug 2, 1999, 3:00:00 AM

From: Red Valsen <red_v...@yahoo.com>

>
>You just might take a fancy to filling my rootdbspace for s&g.

*I* might indeed, but *I* don't have access to your box, er, server, and
surely you would make it clear to any luser that did have access that
filling up your root dbspace is a career limiting move? :-)

>Obnoxio The Clown wrote:
>
> > From: Red Valsen <red_v...@yahoo.com>
> > >

> > >Is there any way to prevent a user (ANY user) from executing "create
> > >database <databasename>"? We're using IDS7.30.UC2 & 7.23.UC1/Solaris
> > >2.6/x86, but I'm sure this is a ubiquitous capability (security hole?)
> > >on all Informix DB products.
> >

Chris Jenkins

Aug 3, 1999, 3:00:00 AM
Red,

This is a recognised security issue. It is currently slated to be addressed
in the next major release of IDS after 9.2 (IDS.2000).

Chris

Red Valsen wrote in message <37A1ABB1...@yahoo.com>...

Jarrod Roberson

Sep 1, 1999, 3:00:00 AM
How is it a career limited move if it is someone malicious that is leaving the
company or someone that is not part of the company?


Obnoxio The Clown <obn...@hotmail.com> wrote in message
news:7o3r37$od6$1...@news.xmission.com...


>
> From: Red Valsen <red_v...@yahoo.com>
> >
> >You just might take a fancy to filling my rootdbspace for s&g.
>
> *I* might indeed, but *I* don't have access to your box, er, server, and
> surely you would make it clear to any luser that did have access that
> filling up your root dbspace is a career limiting move? :-)
>
> >Obnoxio The Clown wrote:
> >
> > > From: Red Valsen <red_v...@yahoo.com>
> > > >

> > > >Is there any way to prevent a user (ANY user) from executing "create
> > > >database <databasename>"? We're using IDS7.30.UC2 & 7.23.UC1/Solaris
> > > > >2.6/x86, but I'm sure this is a ubiquitous capability (security hole?)
> > > >on all Informix DB products.
> > >

Obnoxio The Clown

Sep 2, 1999, 3:00:00 AM

From: "Jarrod Roberson" <noe...@nowhere.com>

>
>How is it a career limited move if it is someone malicious that is leaving the
>company or someone that is not part of the company?

Wow! I thought this thread was dead.

Anyway, someone who is malicious and capable of doing stuff like that when
leaving the company could probably do 1000's more evil things to you. If
he's got enough brains to do this, he can probably do far more damaging
things to you. Sure it's a potential problem, but it's not difficult to
repair and there are more pressing issues to worry about.

If you're hacked, filling up your disk is *way* down the list of fun things
they're going to do to you. rm -rf / is *much* more likely, and then you
have loads more disk space! Which is nice... :)
