| Subject | Re: [IBO] IBO4: 'username and password not defined' |
|---|---|
| Author | Geoff Worboys |
| Post date | 2001-07-07T05:18:21Z |
> during the development phase, I am using sysdba/masterkeyDo you have PasswordRemembered = true ?
> for everything and I have stored these in the IBO4
> TIB_Connection component.
In IBO4 it defaults to false, preventing the password from being
saved.
> Most of the time it connects fine to the local server, butAside from defaulting to not saving the password, when the password is
> sometimes I get the error message 'your username and password
> is not defined' at run-time. I am connecting to two separate
> database files, and this happens with one of them.
>
> I suspect that the error message is wrong and there is a
> different connection problem or something, any ideas?
saved it is saved jumbled (very basic encryption). The key value used
to jumble the password is randomly generated when first used and
stored in the registry for the current user.
This means that every different user on a system, and every different
system, will have a different key - which prevents the password being
unjumbled when the executable is run on another system/user. This was
intentional - to minimise the risk of accidently revealing passwords
when distributing executables and project files.
You can read more about how this works in the IB_Utils.pas unit
(search for GetJumbleKey and JumbleString functions).
As of IBO4BetaA2 there are two global variables in the IB_Utils.pas
unit which you can use to change the storage location of the jumble
key...
JumbleRegKey: HKEY = HKEY_CURRENT_USER;
JumbleRegPath: string = '\Software\CPS\IBO\Security';
(Actual unlock key is stored within this path as the 'JumbleKey'
entry.)
You can change these variables at runtime to point the connection to a
predefined security key matching the one used when the application was
compiled. Remember that there are security issues under WinNT/Win2K
if you store under HKEY_LOCAL_MACHINE.
So, if you must distribute an application with an embedded password
you can either...
1. Use your own password storage mechanism and assign it to the
connection at runtime.
OR
2. Setup the application to save the predefined JumbleKey value to the
registry when first setup, and then at application startup set the two
global variables specified above to point to that location.
I hope this explains your situation.
Geoff Worboys
Telesis Computing