Subject: [ib-support] RESULTS: Connect w/o user/pass as root or Administrator
Author: Paul Vinkenoog

Hello all,

Two weeks ago I wrote:

> I have a strange problem on my hands: a customer of mine found out
> he could connect to any database if he left the user and password
> fields blank (using an app I wrote).
> ...
> I know he works under Win2K so I asked if he logged into Windows as
> Administrator. Yes, he did; if he logged in as another user, the
> free access didn't work.

The weird thing was that I thought I had exactly the same config as my
customer, and I could _not_ connect to any database without user/pass,
even as Administrator.

But later it turned out there was a difference after all: for some
reason my customer runs FB as an application, not as a service. I
tried this out too and... Bingo! Please come in Mr. Administrator,
these databases are all yours :-)

I then tested several configs and these are the results:

(yes = root/Administrator has access to any db without user/pass;
no = even superuser must specify user/pass to connect)

- FB 1.0.0 SS Win2k running as service : no
- FB 1.0.0 SS Win2k running as application : yes
- IB 6.0.1 SS Win2k running as service : no
- IB 6.0.1 SS Win2k running as application : yes
- FB 1.0.0 SS Linux running as firebird : no
- FB 1.0.0 SS Linux running as root : no

So it seems that for superservers, the only free superuser access is
on Win2k (and NT? and XP?), but only if IB/FB runs as an application.

I would appreciate it if people with classic servers and/or servers on
other platforms would try this out too and post the results here (or
mail them to me directly and I'll summarize here). This way we can get
a complete picture, which in turn can be used to update the docs.
Well, the FB docs at least.

If you want to test this:

- make sure envvars ISC_USER and ISC_PASSWORD are undefined
- cd to the Firebird bin subdir
- start isql without specifying user and/or pass
- type "connect ../examples/employee.gdb;"
(without the quotes; on Win use \ instead of /)
- next thing you're either connected or the connection is refused

Do not use IB(O)Console because it won't even try to connect if you
leave user/pass blank. But that's not the same as the _server_
refusing the connection.

Paul Vinkenoog
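
The manual isql test from the post above, scripted for Unix-like hosts as an added example (not part of the original message). The function name, the marker string and the use of a select on rdb$database to confirm that the connection really succeeded are assumptions of this example; the isql path and database path are supplied by the caller.

```shell
#!/bin/sh
# Added example: scripted form of the manual isql test from the post.
# Usage (from the Firebird bin subdir, as in the post):
#   check_blank_login ./isql ../examples/employee.gdb
#
# Prints "yes" if the server lets the current OS user connect without
# user/pass, "no" if the connection is refused (same meaning as the
# yes/no column in the results list). Returns 2 on a setup error.
check_blank_login() {
    isql_bin=$1   # path to isql (caller-supplied)
    db=$2         # database path, passed to "connect" as typed in the post

    [ -x "$isql_bin" ] || {
        echo "error: $isql_bin is not executable" >&2
        return 2
    }

    # The marker is joined by the server with ||, so the full string can
    # only show up in the output if the query actually ran. If isql echoes
    # the script back, the two halves appear separately and do not match.
    # ISC_USER / ISC_PASSWORD are unset inside the $( ) subshell only, so
    # the caller's environment is left untouched.
    out=$(
        unset ISC_USER ISC_PASSWORD
        printf '%s\n' \
            "connect $db;" \
            "select 'BLANK' || '_LOGIN_OK' from rdb\$database;" \
            "quit;" | "$isql_bin" 2>&1
    ) || :   # a non-zero exit from isql is not an error for this check

    case $out in
        *BLANK_LOGIN_OK*) echo yes ;;
        *)                echo no ;;
    esac
    return 0
}
```

Run it once per configuration (service vs. application, each OS account) to fill in one row of the results list.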