
Another Interbase Security Issue found first in Firebird

A few years ago a backdoor was found in Firebird, the open source fork of Interbase, that already existed in the original Interbase product and was still in the version of Interbase that was sold at the time. Nowadays this is fixed, but it was kind of scary that a company would add a backdoor and then totally forget about it. Why else would they not have removed it before open sourcing (after all, a backdoor only works through obscurity)? Anyway, the other day another security issue (this sort of thing happens to the best of them) was found in Interbase that had already been fixed in Firebird in January.

The security issue has long been disclosed. Now why on earth would the Interbase developers not follow security alerts on Firebird? It seems there is a very high probability that any Firebird issue will also be present in Interbase. I guess Interbase developers just sit in their isolated ivory tower, not bothering with what is going on in the rest of the world.

The sum of the matter is that the open source guys had a fix out that was mentioned in the report, while Interbase does not yet have a fix out. I do not know the details of the situation and how much advance warning each project had, but it does seem to validate a common perception that OSS guys are quicker at getting fixes out the door.

BTW: I have never used Firebird or Interbase. I only had Firebird installed a while back to test the PEAR::MDB2 driver. But it does seem like a much more full-featured RDBMS than MySQL, one that shines as a very good embedded SQL database.

Comments



Re: Another Interbase Security Issue found first in Firebird

Firebird is IMHO the best embedded database around; it has all the features of the server one available and can be upgraded to a full server in a snap.

Re: Another Interbase Security Issue found first in Firebird

These days I work with Firebird on my Ubuntu servers and it works quite well with PHP 5.2.x and Apache.
So it is not only for embedded applications; I have PHP drivers for MDB2, Zend DB, ADOdb, PDO, CakePHP ... and so on.
There are many frameworks and I have tested CakePHP with it.
Also, here is a howto for installing Jaws CMS, written with MDB2, that just works and doesn't need to be modified:
http://mapopa.blogspot.com/2008/05/installing-jaws-on-ubuntu-and-firebird.html

There are black sheep too, like WordPress, that doesn't work on anything but MySQL; maybe they should learn from Jaws CMS to write with a DAL.
