The v.2.0 Superserver has active protection to make a brute-force attack more difficult. After a few failed attempts to log in, the user and IP address are locked for a few seconds, denying any attempt to log in with that particular user name OR from that particular IP address for a brief period.
No setup or configuration is required for this feature. It is active automatically as soon as the Firebird 2.0 Superserver starts up.
New security database
The new security database is named security2.fdb. Inside it, the user authentication table where user names and passwords are stored is now called RDB$USERS. There is no longer a table named "users"; instead, a new view over RDB$USERS, named USERS, is provided. Through this view, users can change their own passwords.
For details of the new database, see New security database in the section about authentication later in this chapter.
For instructions on updating previous security databases, refer to the section Dealing with the new security database at the end of this chapter.
Better password encryption
A. Peshkov
Password encryption/decryption now uses a more secure password hash calculation algorithm.
Users can modify their own passwords
A. Peshkov
The SYSDBA remains the keeper of the security database. However, users can now modify their own passwords.
Non-server access to security database is rejected
A. Peshkov
gsec now uses the Services API. The server will refuse any access to security2.fdb except through the Services Manager.
Active protection from brute-force attack
A. Peshkov
Attempts to get access to the server using brute-force techniques on accounts and passwords are now detected and locked out.
- Login with password is required from any remote client.
- Clients making too many wrong login attempts are blocked from further attempts for a period.
Support for brute-force attack protection has been included in both the attachment functions of the Firebird API and the Services API. For more details, see Protection from brute-force hacking.
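The lockout behaviour described above (and in the opening paragraph of this section) can be modelled to show why locking both the user name and the source address matters. The following is an added illustration, not Firebird's own code: the failure threshold (3) and lock duration (5 seconds) are assumptions chosen for the example, since the notes only say "a few" attempts and "a few seconds". Note that a locked user is denied from every address and a locked address is denied for every user, while an unrelated user at an unrelated address is unaffected.

```python
"""Model of a per-user / per-IP login lockout (constructed example, not Firebird code).

Firebird 2.0 Superserver locks both the user name and the client IP address
for a short period after several failed logins. MAX_FAILURES and LOCK_SECONDS
below are assumptions for illustration; the release notes give neither value.
"""
from collections import defaultdict

MAX_FAILURES = 3      # assumption: consecutive failures tolerated before locking
LOCK_SECONDS = 5.0    # assumption: "a few seconds"


class LoginGuard:
    def __init__(self, max_failures=MAX_FAILURES, lock_seconds=LOCK_SECONDS):
        self.max_failures = max_failures
        self.lock_seconds = lock_seconds
        self._failures = defaultdict(int)   # ("user"|"ip", value) -> failure count
        self._locked_until = {}             # ("user"|"ip", value) -> lock expiry time

    def _locked(self, key, now):
        until = self._locked_until.get(key)
        if until is None:
            return False
        if now >= until:
            # Lock has expired: clear it and reset the failure counter.
            del self._locked_until[key]
            self._failures[key] = 0
            return False
        return True

    def is_locked(self, user, ip, now):
        # Either the user name OR the address being locked is enough to deny.
        return self._locked(("user", user), now) or self._locked(("ip", ip), now)

    def attempt(self, user, ip, password_ok, now):
        """Return True if the login is accepted, False if it is denied."""
        if self.is_locked(user, ip, now):
            return False  # denied before the password is even checked
        keys = (("user", user), ("ip", ip))
        if password_ok:
            for k in keys:
                self._failures[k] = 0
            return True
        for k in keys:
            self._failures[k] += 1
            if self._failures[k] >= self.max_failures:
                self._locked_until[k] = now + self.lock_seconds
        return False


def demo():
    """Constructed scenario: three bad passwords for 'alice' from 10.0.0.5."""
    g = LoginGuard()
    for i in range(3):
        g.attempt("alice", "10.0.0.5", False, float(i))   # failures at t=0,1,2
    return {
        # correct password now, but both user and address are locked until t=7
        "alice_same_ip": g.attempt("alice", "10.0.0.5", True, 3.0),
        # the user name is locked regardless of where the attempt comes from
        "alice_other_ip": g.attempt("alice", "10.0.0.9", True, 3.0),
        # the address is locked regardless of which user is tried
        "bob_same_ip": g.attempt("bob", "10.0.0.5", True, 3.0),
        # an unrelated user from an unrelated address is unaffected
        "bob_other_ip": g.attempt("bob", "10.0.0.9", True, 3.0),
        # once the lock period has passed, the correct password is accepted again
        "alice_after_expiry": g.attempt("alice", "10.0.0.5", True, 3.0 + LOCK_SECONDS + 1),
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'accepted' if accepted else 'denied'}")
```

The model is deliberately simple: a real server would also have to bound the size of the per-address table and consider clients behind shared NAT addresses, which is exactly why the lockout is kept short.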