Subject Re: [ib-support] Connect w/o user/pass as root or Administrator
Author Helen Borrie
At 01:50 PM 17/01/2003 +0100, you wrote:
>Hello everybody,
>
>I have a strange problem on my hands: a customer of mine found out he
>could connect to any database if he left the user and password fields
>blank (using an app I wrote).
>
>I asked him to check if the envvars ISC_USER and ISC_PASSWORD
>existed. They didn't.
>
>I know he works under Win2K so I asked if he logged into Windows as
>Administrator. Yes, he did; if he logged in as another user, the free
>access didn't work.
>
>If he logs in as Administrator, he can connect without user/pass using
>my app, using isql and using a small testapp I wrote specifically for
>this.
>
>Now, in the Data Definition Guide it says:
>
>" Interbase also supports a SYSDBA user who has access to all database
>" objects; furthermore, on platforms that support the concept of a
>" superuser, or user with root or locksmith privileges, such a user
>" also has access to all database objects.
>
>(As a sideline: how about that locksmith hint? :-) Yes, I know they
> don't mean that, but it's funny they chose that word here.)
>
>The guide "Using Firebird" says the same, in a somewhat different
>wording.
>
>This would be an explanation, were it not that:
>
>- I have two Win2K installations - same version as customer - running
> Firebird 1.0 - same version as customer - as a service - just like
> customer - and there is NO WAY that I can connect to ANY database
> without specifying user/pass, even if I'm logged in as Administrator.
> Not with my app, not with isql, not with the testapp, nothing.
>
>- I have two Linux boxes running FB 1.0 SS, and there is NO WAY etc...
> even if I log in as root.
>
>During the process of trying-to-figure-out-what the customer even
>mailed me his gds32.dll (byte for byte identical to mine), his
>isc4.gdb (nothing weird there: one SYSDBA and one user for my app),
>his ibconfig (standard; just like mine) and a screenshot of his
>envvars (like he said: no ISC_xxxx there).
>
>So I'm left clueless.
>
>I'd like to know:
>
>- Is it or is it not standard/intended behavior in FB 1.0 that root and
> Administrator can connect to databases without specifying user/pass ?

No way, on a Windows server.


>- If so: why doesn't it work at my place, on two Win2Ks and two Linuxes?
>
>- If it is NOT standard behaviour, what might be going on at my
> customer's place? Is there any Registry key FB/Win might be looking
> at if user/pass are not specified?

One possibility I can think of, since I know you sometimes use IB Objects...

If you have the PasswordStorage property set up as psNotSecure and you have
the username and password hard-coded in there somewhere, then your users
will be able to log in. Perhaps you accidentally shipped a version to this
customer, which you compiled on your dev machine...?

Helen