On 02/27/13 05:07, Matt Hunter wrote: > Thanks, > I have looked through some of the docs and have been outputting > the database parameter block data from why.cpp :: GDS_ATTACH_DATABASE > The password is there but it is encrypted. The test program > written in C++ Builder on windows passes the Param Strings as > user_name=SYSDBA > password=masterkey > > in why.cpp there is only an encrypted password. > the parameter dpb contains isc_dpb_password_enc set to a value of > QP3LMZ/MJh. > but no isc_dpb_password tag. > > verifyUser in pwd.cpp also only has the encrypted password. > > At what point is the password encrypted or am I going wrong > somewhere?
Password is encrypted (very poor & old method is used) at client. At server there is no isc_dpb_password at all. Probably some client (like Java or .Net, do not remember exactly) sends unencrypted password to server, but it's not good idea to rely on it. Moreover - in FB3 default authentication method will never send password at all, instead some changing every time kind of hash will be delivered. Probably if you explain what do you want to have I can give you better advice. Hope logging plain passwords is not what you want? ;) ------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_feb Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
