Subject Re: [IB-Architect] The Borland Back Door
Author Nando Dessena
Jim,

> The magic account and passwords were compiled in, non-changable,
> and were among the stupidest account/passwords pairs ever invented:
> mention the account name and 8 out of 10 people would guess the
> password on the first try. Given the account and password
> pair, a hacker could attach any Interbase database on any
> platforms for all Borland Interbase versions between 1994 and
> 2000.

I have diligently applied the fix, and out of curiosity went out to
discover what the magic words were. I must say that I remained
astonished; I thought I was using a product (a few products, actually)
made by professionals; Anyway...
My new "secure" IB6 server won't let me in with the magic account, but
neither will the "insecure" one. Creating the magic account in the
security database doesn't change things. How can I make sure that I had
a security hole and, most of all, that it's gone after the patch?

I guess that a public answer would imply revealing some details that are
best kept secret; I'll accept any word that can make me rest assured.
--
____
_/\/ando