-
|
Thanks for the great work. Exploring the possibilities of firebird, libreoffice, odbc and flamerobin I stumbled on the fr_databases.conf file. Why is it that username and password are plainly visible in this file? |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
Hello ! @gthb2016 This is not a standard security practice, but it is a pattern commonly seen with Wi-Fi passwords. However, in this case, if the user’s home directory is not properly secured, it can create a major vulnerability 🧐. While the password is encrypted and stored in security?.fdb, when a user logs into a database via the graphical interface, the password used for the successful connection is saved in the XML file you mentioned (fr_databases.conf). Note: Connecting via |
Beta Was this translation helpful? Give feedback.
-
|
Thank you for your answer and apologies for my late reply. In the meantime I've discovered the culprit. It's me, I didn't pay attention. When establishing a new connection in FlameRobin you have 4 authentication options, by default it's "Use saved user name and password", like you said not a standard security practice. With that option password is visible fr_databases.conf. I had to choose one of the other options for more security. |
Beta Was this translation helpful? Give feedback.
Thank you for your answer and apologies for my late reply. In the meantime I've discovered the culprit. It's me, I didn't pay attention. When establishing a new connection in FlameRobin you have 4 authentication options, by default it's "Use saved user name and password", like you said not a standard security practice. With that option password is visible fr_databases.conf. I had to choose one of the other options for more security.