On 1 Feb 2003 at 2:31, Paul Vinkenoog wrote:

> Hello all,
>
> Two weeks ago I wrote:
>
> > I have a strange problem on my hands: a customer of mine found out
> > he could connect to any database if he left the user and passwords
> > fields blank (using an app I wrote).
> > ...
> > I know he works under Win2K so I asked if he logged into Windows as
> > Administrator. Yes, he did; if he logged in as another user, the
> > free access didn't work.
<snip>

While I understand your surprise, this behaviour is normal, intentional
and DOCUMENTED. This feature is remain of old trusted host security in
InterBase. This is best known on Linux/UNIX, but not very known on
Windows (because it works only partially on NT/2000/XP, not W9X, see
below).

On Linux/UNIX use /etc/hosts.equiv (or .rhosts etc. - see the doc) to
make a relationship between "trusted" computers, and you can log in with
your OS user identity (any, not just root. If you have root privileges,
you're equal to SYSDBA.

On Win NT/2000/XP it works (AFAIK) only for Administrator account.

To use OS identity as db level identity, you can't specify a
user/password combo on login in any way (including ISC_USER, cmd switch
etc.).

Best regards
Pavel Cisar
http://www.ibphoenix.com
For all your upto date Firebird and
InterBase information