Firebird 3.0.7 gbak/gsec allows sysdba access with incorrect password
28 views
Skip to first unread message
Mischa Gilraen
Jan 15, 2021, 8:51:37 PM1/15/21
to firebird...@googlegroups.com
I've set up a new installation of Firebird 3.0.7 on a Windows server. Testing out the command-line utilities and both gbak and gfix allow SYSDBA access when I give it an incorrect password. I checked and the ISC_USERNAME and ISC_PASSWORD environment variables are not set. I didn't have this behavior in Firebird 2.5.9.
Is anyone here familiar with this issue?
Mischa Gilraen
Software Developer
Working Systems Cooperative
Mark Rotteveel
Jan 16, 2021, 2:59:23 AM1/16/21
to firebird...@googlegroups.com
On 16-01-2021 02:51, Mischa Gilraen wrote:
> I've set up a new installation of Firebird 3.0.7 on a Windows server.
> Testing out the command-line utilities and both gbak and gfix allow
> SYSDBA access when I give it an incorrect password. I checked and the
> ISC_USERNAME and ISC_PASSWORD environment variables are not set. I
> didn't have this behavior in Firebird 2.5.9.
>
> Is anyone here familiar with this issue?
Are you trying to backup a local database? If so, that behaviour is
> I've set up a new installation of Firebird 3.0.7 on a Windows server.
> Testing out the command-line utilities and both gbak and gfix allow
> SYSDBA access when I give it an incorrect password. I checked and the
> ISC_USERNAME and ISC_PASSWORD environment variables are not set. I
> didn't have this behavior in Firebird 2.5.9.
>
> Is anyone here familiar with this issue?
expected, as local files are - since Firebird 3 - opened using the
embedded engine, which ignores the password. The fact you have
filesystem level access to the file is considered sufficient authorization.
Mark
--
Mark Rotteveel
Reply all
Reply to author
Forward
0 new messages