Subject Re: [IB-Architect] The Borland Back Door
Author Olivier Mascia
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> >I have tried IB_WISQL in the first place, then a command-line gfix
> >setting ISC_USER and ISC_PASSWORD; finally I tried specifying the -user
> >and -password from the command line. All with a local connection on my
> >W2K box and Borland's (:-() plain 6.0 build.
> >--
>
> My guess is that most of Borland's tools upcase at least the account.
> The server itself does not. My test program, which was nothing
> much more than a database attach, was written with gpre, and had
> no problem cracking an NT Ibserver.
>
> Jim Starkey

Just like isql and other command-line utilities did for me while testing.
Hopefully the fix works fine on all machines we ran it today.
We then removed all IB distributions and installed FB 0.9.4 in lieu.
That's even better, for us at least.

Thank you so much, Ann, Jim and all other people involved in the discovery, then resolution of this important issue.

Olivier Mascia, om@..., Senior Software Engineer
T.I.P. Group S.A., www.tipgroup.com, Director

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.8
Comment: Public key on ldap://certserver.pgp.com, Key Id 0x2E9AEADF

iQA/AwUBOlx6nKSbOXgumurfEQIAKQCgtkdIebaVpb2reNTXaee67STXfgEAoKLY
oI9fLWG7ouo20kvv6IkTprzh
=6RBs
-----END PGP SIGNATURE-----