Hello, there is a minor difference for the trace data output for an unauthorized vs. authorized attach database event.
Successful: 2011-10-19T14:32:05.9090 (1760:0000000005F47F48) ATTACH_DATABASE tourism.fdb (ATT_1772, HIC:NONE, UNICODE_FSS, TCPv4:127.0.0.1) C:\Program Files (x86)\Upscene Productions\Database Workbench 4 Pro\DBW4.exe:1744 Unauthorized (I provided a wrong password at connect time): 2011-10-19T14:30:23.7410 (1760:0000000005F47F48) UNAUTHORIZED ATTACH_DATABASE tourism.fdb (ATT_0, hic, UNICODE_FSS, TCPv4:127.0.0.1) C:\Program Files (x86)\Upscene Productions\Database Workbench 4 Pro\DBW4.exe:1744 As you can see, the role name (NONE) is missing from the connect information and the user name is in lower case. Just letting you know, perhaps this shall be changed to be consistent. Thanks, Thomas ------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense. http://p.sf.net/sfu/splunk-d2d-oct Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel