Subject Re: [Firebird-Java] Re: Denied connections due to character set
Author Mark Rotteveel
On 15-2-2017 17:21, 'William L. Thomson Jr.' wlt-ml@...
[Firebird-Java] wrote:
>> I will also consider if I can move the introduction of a connection
>> property to control the list of plugins to try and their order, to
>> before the Jaybird 3 release.
> Something that could be specified on the URL may help. Just for legacy, so
> would not be normal for default/SRP.

I already had for Jaybird
3.1; I'm considering moving it.

>> The error is a straight out failure, so it is not possible for Jaybird
>> to continue with the next plugin on its own (using a Firebird 3
>> fbclient.dll will exhibit the same behavior if it tries Srp first).
> Could the order be reversed and try legacy then Srp? If Srp failure is causing
> problems for Jaybird to try the next plugin. That may be another way to go,
> although more ideal to use Srp first then legacy. May need to reverse for a
> transition period.

I'd prefer not to: trying the most secure option first is preferable,
otherwise passwords can leak unintentionally.

> I can see others doing legacy before srp, though some may go the opposite. I
> get what your saying, since Srp, Legacy did not work for Jaybird 2 and
> Flamerobin. If Srp fails and Legacy did not, it was not trying legacy just
> failing to connect. Thus me having Legacy, Srp ordering.

Jaybird 2.2 should work no matter the order of the authentication
plugins in the list (although I recall there have been various problems
in this area with pre-release versions of Firebird 3). As long as
Legacy_Auth is included and WireCrypt is Enabled or Disabled (not
Required), Jaybird 2.2 can authenticate (assuming the user exists as a
legacy authentication user). That is because Jaybird 2.2 only supports
protocol version 10, which only supports Legacy_Auth.

As a matter of fact, most of my test are run with Firebird 3 (and 4)
configured with the AuthServer config as Srp, Legacy_Auth.

Mark Rotteveel