Re: [Firebird-devel] Firebird 4 - Authentication issues

Thu, 21 Jan 2021 05:19:13 -0800 

On 21-01-2021 13:55, Hugo Eyng | Datamais via Firebird-devel wrote:

I would like to try a migration from FB 2.5 to FB 4.
The last time I tried I faced troubles to connect to the database. Apparently the troubles were related to the authentication method.
When asking questions, it is very helpful to provide details about the problems you encountered, as it allows us to provide more detailed or more specific answers.
Where can I found good information about how to connect my application, that currently uses FB 2.5, in the FB 4? 

I will install FB 4 in a CentOS 7.9 server.


There are essentially two routes:
1. Make sure your application uses a Firebird 3.0.4 or higher fbclient (or a connection library that supports the Srp256 authentication, e.g. if you're using Jaybird or something else that doesn't use fbclient).
Create your users with the Srp user manager (CREATE USER ... USING PLUGIN Srp).
1b. If your connection library supports Srp, but not Srp256, configure Firebird to enable the Srp authentication plugin by adding Srp to the *end* of the AuthServer config option.
2. Configure Firebird to support the Legacy_Auth plugin (add Legacy_Auth to the *end* of the AuthServer config option), enable the Legacy_UserManager (add it to the *end* of the UserManager config option), relax the wire encryption from default required to enabled (change config option WireCrypt to Enabled)
Create your users with the Legacy_UserManager (CREATE USER ... USING PLUGIN Legacy_UserManager).
Some of this is also documented in https://www.firebirdsql.org/file/documentation/release_notes/html/en/3_0/rlsnotes30.html#rnfb30-compat-legacyauth, but this suggests putting Legacy_Auth first and disables the Srp user manager, which leads to an insecure configuration for attachments created by clients that do support Srp256.
Option 1 (using Srp256 or Srp) is more secure and should be preferred. Option 2 should only be followed if your application for some reason is stuck on a connection library that does not support Srp256 or Srp. 

Mark
--
Mark Rotteveel


Firebird-Devel mailing list, web interface at 
https://lists.sourceforge.net/lists/listinfo/firebird-devel

Reply via email to