Issue Details (XML | Word | Printable)

Key: CORE-5126
Type: Bug Bug
Status: Open Open
Priority: Blocker Blocker
Assignee: Unassigned
Reporter: Danniel Corbit
Votes: 0
Watchers: 5
Operations

If you were logged in you would be able to see more operations.
Firebird Core

Installation of Firebird 3.0 beta 2 totally ignores my sysdba login information

Created: 03/Mar/16 08:36 PM   Updated: 19/Mar/16 10:03 AM
Component/s: Security
Affects Version/s: 3.0 Beta 2
Fix Version/s: None

Environment: Windows Server 2012 R2 64 bit

QA Status: No test


 Description  « Hide
Installation of Firebird offers a screen to set the system DBA username and password at install time.
It allowed me to fill out the form, but totally ignored the results.

You cannot change the system owner (for instance) from SYSDBA to SA
You cannot change the system owner password. No matter what you type (and it does get accepted!) the sysdba password is masterkey when you are done.
This is a security breach so severe that the database is unusable.


 All   Comments   Change History   Subversion Commits      Sort Order: Ascending order - Click to sort in descending order
Dmitry Yemanov added a comment - 04/Mar/16 06:23 AM
Do you really speak about BETA 2? Or about RC2?

Alexander Peshkov added a comment - 04/Mar/16 10:29 AM
Danniel, I do not know what exactly asks windows installer at that screen, but changing system owner from SYSDBA to something else is definitely impossible at this stage. It's hardcoded string.

To help us better solve your problem please answer 2 questions:
1. What client version did you use to connect to firebird 3.0 server? Native (3.0) or some previous version?
2. Does password 'masterke' (8 letters, no final 'y') let you connect to server?

Danniel Corbit added a comment - 18/Mar/16 06:57 PM
I used flamerobin 0.9.2.1851

If there is a different procedure that must be used, what is the procedure?

Paul Reeves added a comment - 19/Mar/16 10:03 AM
Beta 2 was released eight months ago and has been superceded by two release candidates.

My first recommendation would be to be sure to test with the most recent version. Also, be sure to test with a clean install, by ensuring that no traces of a previous firebird 3 install remain. You can use unins000.exe /clean for that (or just delete the old config files manually.)

The option to change the name of SYSDBA at install time will be removed before the next release. So don't waste time testing that.

And, finally, I doubt that flamerobin 0.9.2.1851 is ready for Firebird 3.