| Subject | RE: [ib-support] Connect w/o user/pass as root or Administrator |
|---|---|
| Author | Alan McDonald |
| Post date | 2003-01-17T22:17:29Z |
Paul, when he has this "free access" it should be easy to see from the
server (IBConsole) who is actually connected by looking at the users. That
may give you the clue as to what is going on. e.g. if an error has been made
an the database to give PUBLIC all acce3ss to the databases or to a role
with access, then what you are describing can happen
Alan
-----Original Message-----
From: Paul Vinkenoog [mailto:paul@...]
Sent: Saturday, 18 January 2003 12:55 AM
To: ib-support@yahoogroups.com
Subject: Re: [ib-support] Connect w/o user/pass as root or Administrator
Hi Helen,
work either, at least not with isql.
It's not that I want this to work - I just want to get as complete a
picture as possible in order to pinpoint what's going on at my
customers's site.
psKeyFromUserReg. However, I'm only human. So I checked the source
code (had to make some other changes anyway), rebuilt the app from
scratch, shipped it to the customer... at HIS place he still had free
access to any database (not only the one the app was written for), at
MY place: nothing.
Then I wrote a small testapp, again using IBO. Same results. So I
thought it might be an internal IBO thing. Changed testapp to log
current values of Connection->Username and Connection->Password before
and after any significant event. Results: the customer can connect
happily to anything he likes, and the logs show that Username and
Password remain empty all the time.
If I use the same testapp at my place (as Administrator) nothing
connects without explicitly specifying user/pass.
So far, it still might be an IBO thing, but:
My customer can also connect to any database using isql (but not with
IBConsole or IBOConsole) w/o user/pass, as long as he's Administrator.
That's why I decided it must be a Firebird / Win2000 issue.
Since ISC_USER and ISC_PASSWORD are not defined, all I can think of is
the Registry. But I've never heard Firebird looks for usernames or
passwords there.
So... any suggestions are appreciated.
Greetings,
Paul Vinkenoog
To unsubscribe from this group, send an email to:
ib-support-unsubscribe@egroups.com
Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
server (IBConsole) who is actually connected by looking at the users. That
may give you the clue as to what is going on. e.g. if an error has been made
an the database to give PUBLIC all acce3ss to the databases or to a role
with access, then what you are describing can happen
Alan
-----Original Message-----
From: Paul Vinkenoog [mailto:paul@...]
Sent: Saturday, 18 January 2003 12:55 AM
To: ib-support@yahoogroups.com
Subject: Re: [ib-support] Connect w/o user/pass as root or Administrator
Hi Helen,
>>- Is it or is it not standard/intended behavior in FB 1.0 that rootOK. And on Linux? Because on my Linuxes with FB 1.0 SS, it doesn't
>> Administrator can connect to databases without specifying user/pass
>
> No way, on a Windows server.
work either, at least not with isql.
It's not that I want this to work - I just want to get as complete a
picture as possible in order to pinpoint what's going on at my
customers's site.
>>- If it is NOT standard behaviour, what might be going on at myI thought of that too. But I never use anything else than psNone and
>> customer's place? Is there any Registry key FB/Win might be looking
>> at if user/pass are not specified?
>
> One possibility I can think of, since I know you sometimes use IB
> Objects...
>
> If you have the PasswordStorage property set up as psNotSecure and
> you have the username and password hard-coded in there somewhere,
> then your users will be able to log in. Perhaps you accidentally
> shipped a version to this customer, which you compiled on your dev
> machine...?
psKeyFromUserReg. However, I'm only human. So I checked the source
code (had to make some other changes anyway), rebuilt the app from
scratch, shipped it to the customer... at HIS place he still had free
access to any database (not only the one the app was written for), at
MY place: nothing.
Then I wrote a small testapp, again using IBO. Same results. So I
thought it might be an internal IBO thing. Changed testapp to log
current values of Connection->Username and Connection->Password before
and after any significant event. Results: the customer can connect
happily to anything he likes, and the logs show that Username and
Password remain empty all the time.
If I use the same testapp at my place (as Administrator) nothing
connects without explicitly specifying user/pass.
So far, it still might be an IBO thing, but:
My customer can also connect to any database using isql (but not with
IBConsole or IBOConsole) w/o user/pass, as long as he's Administrator.
That's why I decided it must be a Firebird / Win2000 issue.
Since ISC_USER and ISC_PASSWORD are not defined, all I can think of is
the Registry. But I've never heard Firebird looks for usernames or
passwords there.
So... any suggestions are appreciated.
Greetings,
Paul Vinkenoog
To unsubscribe from this group, send an email to:
ib-support-unsubscribe@egroups.com
Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/