Thanks for the help Alex,
Logging plain passwords was only so that I can determine what
passwords are being sent to the server.
What I really need to do is to find out what password is being sent
from a particular windows client app that my client owns as it is the
only way to get access to their data.
It is kind of a messy situation but amounts to them being locked
out of their own servers by the network admins and so can't get backups
of their database.
The network admin people recompiled the app that I wrote and
changed the password.
I just need to be able to get copies of their data.
At least the situation has finally given me an excuse to get
involved in the firebird code because there are some ideas that I want
to try out when I get up to speed.
At the moment, I am thinking of just altering the windows client
dll to spit out the password as I assume that that is what does the
encrypting.
Thanks,
Matt.
On 27/02/2013 4:30 PM, Alex Peshkoff wrote:
On 02/27/13 05:07, Matt Hunter wrote:
Thanks,
I have looked through some of the docs and have been outputting
the database parameter block data from why.cpp :: GDS_ATTACH_DATABASE
The password is there but it is encrypted. The test program
written in C++ Builder on windows passes the Param Strings as
user_name=SYSDBA
password=masterkey
in why.cpp there is only an encrypted password.
the parameter dpb contains isc_dpb_password_enc set to a value of
QP3LMZ/MJh.
but no isc_dpb_password tag.
verifyUser in pwd.cpp also only has the encrypted password.
At what point is the password encrypted or am I going wrong
somewhere?
Password is encrypted (very poor & old method is used) at client. At
server there is no isc_dpb_password at all. Probably some client (like
Java or .Net, do not remember exactly) sends unencrypted password to
server, but it's not good idea to rely on it. Moreover - in FB3 default
authentication method will never send password at all, instead some
changing every time kind of hash will be delivered.
Probably if you explain what do you want to have I can give you better
advice. Hope logging plain passwords is not what you want? ;)
------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_feb
Firebird-Devel mailing list, web interface at
https://lists.sourceforge.net/lists/listinfo/firebird-devel
--
Regards,
Matt Hunter
Systems Analyst
Hunter Business Systems
------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_feb
Firebird-Devel mailing list, web interface at
https://lists.sourceforge.net/lists/listinfo/firebird-devel
