Developer's Report: Core Security and Design Enhancements
June to August 2016
Most of my work during the period was aimed at fixing bugs in Firebird 3.

Fixing FB3 bugs:

  • 5213: Database may get decrypted after changing couple of bytes in database header w/o 'agreement' from crypt plugin
  • 5225: Authentication end with first plugin that has the user but auth fails; should continue with next plugin
  • 5278: A number of SPB parameters fail
  • unregistered: fixed assertions in user mapping code when trace is active, minor trace performance optimization
  • 5279: Granting access rights to view is broken
  • 5285: Segfault when attachment is closed before its request/statement/etc.
  • 5296: Error in network protocol when performing callback to client for database crypt key
  • 5292: Database corrupted when trying to encrypt it but appropriate key is missing
  • 5294: Memory leak when use SHOW GRANTS on new empty database (also enhanced internal memleaks search tool in master branch)
  • 5284: Firebird fails to build with USE_VALGRIND
  • 5308: ISQL hangs in BLOBVIEW command
  • 5264: Database cannot be unlocked by nbackup if located on a raw device
  • 5270: FBSVCMGR does not produce error while attempting to shutdown a database without specified timeout (prp_force_shutdown N)
  • 5318: Bug in ESQL applications
  • 5339: Assertion in createDatabase() when doing overwrite check

Test Tools

  • Kept fbtcs alive & up-to-date.

Feature: Predefined system roles

  • 5291: Error messages differ when regular user tries to RESTORE database, depending on his default role and (perhaps) system privilege USE_GBAK_UTILITY
  • 5269: FBTRACEMGR should understand "role " command switch (needed to explicitly connect with role with "TRACE_ANY_ATTACHMENT" privilege)

Security Enhancements in FB4 not yet mentioned on planning board

  • 5266: Allow statement 'create OR ALTER user sysdba password ...' to initialize empty securityN.fdb (3 lines change)
  • 5248: Improve consistency in GRANT syntax between roles and privileges according to SQL standard

Feature Planning

Ongoing active discussion (private, in Russian) with Vlad and Dmitry regarding design for batch API operations & timeouts.
Checked and approved after a number of iterations pull requests prepared by Roman Simakov for granting roles to other roles and user groups / accumulative permissions.

Alex Peshkov
Yaroslavl, Russia