Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

FB 3.0 alpha: Empty password will pass login [CORE4241] #4565

Closed
firebird-automations opened this issue Oct 6, 2013 · 13 comments
Closed

FB 3.0 alpha: Empty password will pass login [CORE4241] #4565

firebird-automations opened this issue Oct 6, 2013 · 13 comments
Assignees
@AlexPeshkoff
Labels
affect-version: 3.0 Alpha 1 fix-version: 3.0 Alpha 2 priority: major type: bug

Comments

@firebird-automations
Copy link
Collaborator

Submitted by: Robert (rjm1102)

Using FB 3.0 Alpha 1.
I tried to connect to my test database with an empty password and to my surprise the connection was accepted.

Commits: 8c546c2 FirebirdSQL/fbt-repository@f74a0a7
@firebird-automations
Copy link
Collaborator Author

Commented by: @aafemt

Embedded mode never require password and now is used by default for local connections.

@firebird-automations
Copy link
Collaborator Author

Modified by: @dyemanov

status: Open [ 1 ] => Resolved [ 5 ]

resolution: Won't Fix [ 2 ]

@firebird-automations
Copy link
Collaborator Author

Commented by: Robert (rjm1102)

Okay, it is clear to me now. I used FlameRobin on Windows 7 (and Windows XP).
It seemed to be caused by the new authentication plug-in settings of FB3.0 in firebird.conf.
I changed the setting for AuthServer to "AuthServer = Srp" and now authentication fails for empty passwords, as I would expect (like in FB 2.5).
The default setting is "AuthServer = Srp, Win_Sspi" and the addition of Win_Sspi will accept empty passwords and therefor bypasses authentication checking.
Issue can be closed.

@firebird-automations
Copy link
Collaborator Author

Commented by: @AlexPeshkoff

Safe default for plugins list should be restored - it's not always acceptable to use windows builtins to access firebird databases.

@firebird-automations
Copy link
Collaborator Author

Modified by: @AlexPeshkoff

status: Resolved [ 5 ] => Reopened [ 4 ]

resolution: Won't Fix [ 2 ] =>

@firebird-automations
Copy link
Collaborator Author

Modified by: @AlexPeshkoff

assignee: Alexander Peshkov [ alexpeshkoff ]

@firebird-automations
Copy link
Collaborator Author

Modified by: Sean Leyne (seanleyne)

status: Reopened [ 4 ] => Resolved [ 5 ]

resolution: Won't Fix [ 2 ]

@firebird-automations
Copy link
Collaborator Author

Commented by: Sean Leyne (seanleyne)

Case closed by mistake

@firebird-automations
Copy link
Collaborator Author

Modified by: Sean Leyne (seanleyne)

status: Resolved [ 5 ] => Reopened [ 4 ]

resolution: Won't Fix [ 2 ] =>

@firebird-automations
Copy link
Collaborator Author

Commented by: @AlexPeshkoff

Restored safe default used in 2.x versions - only user/password authentication is enabled by default

@firebird-automations
Copy link
Collaborator Author

Modified by: @AlexPeshkoff

status: Reopened [ 4 ] => Resolved [ 5 ]

resolution: Fixed [ 1 ]

Fix Version: 3.0 Alpha 2 [ 10560 ]

@firebird-automations
Copy link
Collaborator Author

Modified by: @pcisar

status: Resolved [ 5 ] => Closed [ 6 ]

@firebird-automations
Copy link
Collaborator Author

Modified by: @pavel-zotov

status: Closed [ 6 ] => Closed [ 6 ]

QA Status: No test

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@AlexPeshkoff AlexPeshkoff

Labels
affect-version: 3.0 Alpha 1 fix-version: 3.0 Alpha 2 priority: major type: bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@AlexPeshkoff @firebird-automations