Subject RE: [IB-Architect] The Borland Back Door
Author Jim Starkey
At 03:46 PM 1/10/01 +0100, Tobias Giesen wrote:
>but in the end Borland did react to this by removing IB6 from their download
>page, didn't they? Or is that a completly different matter?

After about a week they removed the binaries but left the source
available. Then, believe it or not, they committed a change to
the offending source file that removed the offending macros. The
problem with this is that anyone who asked for the differences
between versions had account/password highlighted in contrasting
color. In the last several days they cleaned this up as well.

Borland is been totally unresponsive. We needed the install directories
and library names on the various platforms for ibsecure. Borland
wouldn't even return our phone calls.

Interestingly enough, Borland's initial reaction was the following:

>Date: Wed, 20 Dec 2000 14:30:54 -0800
>From: Sriram Balasubramanian <bsriram@...>
>To: ibcommit@...
>Subject: CVS update: InterBase/jrd
>Date: Wednesday December 20, 2000 @ 14:30
>Author: bsriram
>Update of /usr/local/InterBaseSoftwareCorporation/InterBase/jrd
>In directory goober:/tmp/cvs-serv21789
>Modified Files:
>Log Message:
>Change LOCKSMITH_USER and LOCKSMITH_PASSWORD values for the new InterBase
>release. This is being done in our internal CVS tree *only* due to
>security implications.
>Please download this file from our internal CVS tree and build the new
>version of InterBase.
>This is as discussed by the InterBase Core Team as of 20-Dec-2000
>-bsriram, 20-Dec-2000

Jim Starkey