Subject | Re: [firebird-support] Re: Coexistance of autonomous applications |
---|---|
Author | Helen Borrie |
Post date | 2007-11-13T07:21:03Z |
At 05:38 PM 13/11/2007, you wrote:
>Thanks Helen,
>
>The problem is the other software has control of the SYSDBA and the
>client has no idea what the password is.
>
>And the other software vendor is nowhere to be found.
>
>So no one can create anything using the existing SYSDBA.
>
>Is it possible to load a file (.fdb) that already contains its users
>to the client's computer?
>I.E. Can I create a fdb file on my computer and just copy it to the
>other and use the same user credentials?
If you are talking about replacing the security database entirely then, yes, this is possible. (security.fdb on Fb 1.5, security2.fdb on Fb 2.0, and they are not interchangeable).
Perhaps you still don't realise that user authentication (that's the thing that you need a login name and password for) is server-based, while user privileges are database-based. If you replace the security database, you might well break the user's old application - if it was written with the login name and password hard-coded in the application (which is naughty, but unfortunately it does happen!).
If the users don't currently have a utility by which it is possible to add, delete and modify users, and it's true that nobody knows the SYSDBA password, then the situation is really bad. If they don't "need" to do that task then it's strongly likely they have only one user and it is probably SYSDBA. :-( And its password is hard-coded in the application code. :(
Now, obviously, for you to do as I recommended yesterday, you need to have someone there who can log in as SYSDBA, to create the user who would be the Owner of your databases. Can you make a more exhaustive inquiry about this? For example, ask around as to whether anyone knows how to change user passwords? For Fb 1.5 and below, that person would *have* to know the SYSDBA login.
If that draws a blank, can you get hold of the source code to that other application to find out whether there is an exposed string in there that would give you the password?
./heLen