search

FirebirdSQL / firebird

Firebird server, client and tools
https://www.firebirdsql.org/
1.23k stars 213 forks source link

Firebird 3.0.10 installer and later resets the password of SYSDBA to masterkey when upgrading. Passwords of possible other users are not reset. #7726

Open pmatimmermans opened 1 year ago

pmatimmermans commented 1 year ago

Try the following to reproduce:

When installing Firebird 3.0.7 for instance, followed by changing the SYSBA password, then uninstalling without deleting security3.fdb, and reinstalling 3.0.7 again, the SYSDBA password is maintained. With Firebird 3.0.10 the password of SYSDBA is reset to masterkey when reinstalling Firebird 3.0.10. The same holds for Firebird 3.0.11. The password of possible other database users are maintained. It seems that the #7158 fix (https://github.com/FirebirdSQL/firebird/issues/7158) introduced this bug.

reevespaul commented 1 year ago

Confirmed. Until a fix is available perhaps the simplest the work around is to login with masterkey and change the password thus:

 create or alter user SYSDBA password 'mypassword' using plugin Srp;
reevespaul commented 1 year ago

But obviously this needs to be fixed and 3.0.11 repackaged.