Commented by: @AlexPeshkoff

Password validation code (invokes security plugins) added to external engines connector. Validation is performed only for server connections, in embedded one can still use any user name (like elsewhere for embedded).

Simple way to check:
execute block returns (x varchar(32)) as begin execute statement 'select current_user from rdb$database' as user 'name' password 'pass' into x; suspend; end^

Commented by: @pavel-zotov

Try following as SYSDBA (with default password):

set list on;
set term ^;
execute block returns \(whoami varchar\(32\)\) as 
begin 
    execute statement 'select current\_user from rdb$database' as user 'non\_existent' password 'qwecXzasd' into whoami; 
    suspend; 
end
^

execute block returns \(whoami varchar\(32\)\) as 
begin 
    execute statement 'select current\_user from rdb$database' as user 'non\_existent' password '' into whoami; 
    suspend; 
end
^

execute block returns \(whoami varchar\(32\)\) as 
begin 
    execute statement 'select current\_user from rdb$database' as user 'SYSDBA' password 'fullyWrong' into whoami; 
    suspend; 
end
^ 

execute block returns \(whoami varchar\(32\)\) as 
begin 
    execute statement 'select current\_user from rdb$database' as user 'SYSDBA' password '' into whoami; 
    suspend; 
end
^ 

execute block returns \(whoami varchar\(32\)\) as 
begin 
    execute statement 'select current\_user from rdb$database' as user 'SYSDBA' password ' ' into whoami;  \-\- password = single space char\.
    suspend; 
end
^ 

execute block returns \(whoami varchar\(32\)\) as 
begin 
    execute statement 'select current\_user from rdb$database' as user 'SYSDBA' password '  ' into whoami;   \-\- password = two spaces\.
    suspend; 
end
^ 

===

On build 322289 output will be:

Statement failed, SQLSTATE = 28000
Your user name and password are not defined. Ask your database administrator to set up a Firebird login.
After line 2 in file c5082-1.sql --- OK, this is for "user 'non_existent' password 'qwecXzasd'"

Statement failed, SQLSTATE = 28000
Your user name and password are not defined. Ask your database administrator to set up a Firebird login.
After line 8 in file c5082-1.sql-- OK, this is for "user 'non_existent' password ''"

Statement failed, SQLSTATE = 28000
Your user name and password are not defined. Ask your database administrator to set up a Firebird login.
After line 15 in file c5082-1.sql -- OK, this is for "user 'SYSDBA' password 'fullyWrong' "

WHOAMI SYSDBA

WHOAMI SYSDBA

WHOAMI SYSDBA

Why SYSDBA can still do EB with password that is empty or contains only of ascii_char(32) symbols ?
PS. Checked on both Legacy & Srp.

Commented by: @dyemanov

Do you have ISC_PASSWORD envvar defined? Looks like empty password is treated as missing password and the envvar is picked instead.

Commented by: @pavel-zotov

Yes, isc_* variables DID exist. But when I've removed them, result is the same:

C:\>set isc_user=

C:\>set isc_password=

C:\>set isc_user
Переменная среды isc_user не определена

C:\>set isc_password=

C:\>cd C:\MIX\firebird\QA\fbt-repo\tmp\

C:\MIX\firebird\QA\fbt-repo\tmp>isql /:e30 -i c5082-1.sql -user sysdba -pas masterke

Statement failed, SQLSTATE = 28000
Your user name and password are not defined. Ask your database administrator to set up a Firebird login.
After line 2 in file c5082-1.sql

Statement failed, SQLSTATE = 28000
Your user name and password are not defined. Ask your database administrator to set up a Firebird login.
After line 8 in file c5082-1.sql

Statement failed, SQLSTATE = 28000
Your user name and password are not defined. Ask your database administrator to set up a Firebird login.
After line 15 in file c5082-1.sql

WHOAMI SYSDBA

WHOAMI SYSDBA

WHOAMI SYSDBA

C:\MIX\firebird\QA\fbt-repo\tmp>

(this was done in cmd.exe)

Commented by: @AlexPeshkoff

Can not reproduce:

SQL> execute block returns (whoami varchar(32)) as begin execute statement 'select current_user from rdb$database' as user 'SYSDBA' password ' ' into whoami; suspend; end^

WHOAMI

Statement failed, SQLSTATE = 28000
Your user name and password are not defined. Ask your database administrator to set up a Firebird login.
SQL>

Commented by: @pavel-zotov

C:\MIX\firebird\QA\fbt-repo\tmp>set isc_user
Переменная среды isc_user не определена

C:\MIX\firebird\QA\fbt-repo\tmp>set isc_password
Переменная среды isc_password не определена

Case-1. EMPTY password
#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠

C:\MIX\firebird\QA\fbt-repo\tmp>echo execute block returns (whoami varchar(32)) as begin execute statement 'select current_user from rdb$dat
abase' as user 'SYSDBA' password '' into whoami; suspend; end#⁠ | isql /:e30 -user sysdba -pas masterke -term #⁠

WHOAMI

SYSDBA

Case-2. Password is single space character
#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠

C:\MIX\firebird\QA\fbt-repo\tmp>echo execute block returns (whoami varchar(32)) as begin execute statement 'select current_user from rdb$dat
abase' as user 'SYSDBA' password ' ' into whoami; suspend; end#⁠ | isql /:e30 -user sysdba -pas masterke -term #⁠

WHOAMI

SYSDBA

Case-3. Password is single TAB character
#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠#⁠

C:\MIX\firebird\QA\fbt-repo\tmp>echo execute block returns (whoami varchar(32)) as begin execute statement 'select current_user from rdb$dat
abase' as user 'SYSDBA' password ' ' into whoami; suspend; end#⁠ | isql /:e30 -user sysdba -pas masterke -term #⁠

WHOAMI

Statement failed, SQLSTATE = 28000
Your user name and password are not defined. Ask your database administrator to set up a Firebird login.

ISQL Version: WI-V3.0.0.32289 Firebird 3.0 Release Candidate 2
Server version:
WI-V3.0.0.32289 Firebird 3.0 Release Candidate 2
WI-V3.0.0.32289 Firebird 3.0 Release Candidate 2/tcp (csprog)/P13
WI-V3.0.0.32289 Firebird 3.0 Release Candidate 2/tcp (csprog)/P13

The same without PIPE mechanism:

C:\MIX\firebird\QA\fbt-repo\tmp>isql /:e30 -user sysdba -pas masterke
Database: /:e30, User: SYSDBA
SQL> set term ^; execute block returns (whoami varchar(32)) as begin execute statement 'select current_user from rdb$database' as user 'SYSD
BA' password '' into whoami; suspend; end^ set term ;^

WHOAMI

SYSDBA

SQL> set term ^; execute block returns (whoami varchar(32)) as begin execute statement 'select current_user from rdb$database' as user 'SYSD
BA' password ' ' into whoami; suspend; end^ set term ;^

WHOAMI

SYSDBA

SQL> set term ^; execute block returns (whoami varchar(32)) as begin execute statement 'select current_user from rdb$database' as user 'SYSD
BA' password ' ' into whoami; suspend; end^ set term ;^

WHOAMI

Statement failed, SQLSTATE = 28000
Your user name and password are not defined. Ask your database administrator to set up a Firebird login.

I've attached screenshots.

Commented by: @AlexPeshkoff

Strange behavior happens when you try to use empty password with user with same name as was used to connect to server. In that case EDS engine is using existing connection and making no new connection does not perform password validation. I'm not sure is it correct to treat a few spaces as empty password, but that's definitely out of scope of this ticket.

Commented by: @pavel-zotov

> when you try to use empty password with user with same name as was used to connect to server
> In that case EDS engine is using existing connection and making no new connection

So, this is expected behavior, right ?

Commented by: @AlexPeshkoff

I'd say that's this is acceptable for zero-length password but rather strange for a password containing a few spaces.
What I can say for sure - this is not FB3 regression, 2.5 behaves the same way.