Subject Re: [firebird-support] invisible user/password environment variables
Author dlandy
Thank you for answering my first question, about why I am able to connect to
the embedded server with any old user and password (even non-existent ones).

I am still trying to understand why I get:

"Your user name and password are not defined. Ask your database
administrator to set up a Firebird login"

when I try to run one of the api examples (api2.c for example).

This is even if I have set ISC_USER and ISC_PASSWORD to SYSDBA and
masterkey, respectively.

I am able to run api15.c after creating a 'guest' user with gsec -- this is
the only api example that seems to actually specify the user name and
password explicitly in the code.

Perhaps there is something I don't understand about setting environment
variables. A clue is that when I run gsec without the user and password
command line options, I get the same message as above. Yet the
documentation says you can call gsec without the options IF the environment
variables are set. When I give the "SET" command in my DOS window, I do
indeed see ISC_USER and ISC_PASSWORD.



----- Original Message -----
From: "Helen Borrie" <helebor@...>
To: <firebird-support@yahoogroups.com>
Sent: Thursday, February 05, 2004 2:05 AM
Subject: Re: [firebird-support] invisible user/password environment variables


> At 07:38 AM 5/02/2004 +0100, you wrote:
> > > I am using Firebird 1.5 -- the embedded server. I am able to query
> > > against the employee.fdb database using isql, so I know that much is
> > > working.
> > > (Parenthetically, it seems I can connect with any user/password
> > > combination, even non-existent ones. Can someone explain that behavior
> > > to me?)
> >
> >Embedded doesn't use User and Password at all, "security" is achieved by
> >means of the OS, whoever can log into the computer can use the DB through
> >your application.
>
> Well, almost. In the *normal* server situation, the security check doesn't
> care who you are, as long as you exist in security.fdb. Any user who
> exists can log in to any database. Once you are logged in, of course you
> can't access anything unless your username has permissions to objects
> therein.
>
> In embedded, that user verification is bypassed - hence, you can use any
> old user name and password, even non-existent, and get connected to the
> database. But you still won't have access to see or do anything in the
> database unless the DATABASE has permissions for your user name (or a ROLE
> that your user name has permissions for) for the objects you try to access.
>
> Of course, if you log in as SYSDBA, you have full privileges to everything,
> including "DROP DATABASE" and there is currently no way to revoke SYSDBA
> permissions. That's why it is ultra-dumb to write any END-USER app that
> connects everyone as SYSDBA.
>
> /hb