Serious issue with database login, a user may log in with a fictional password 
that begins with the actual password for the database
------------------------------------------------------------------------------------------------------------------------------------

                 Key: CORE-3933
                 URL: http://tracker.firebirdsql.org/browse/CORE-3933
             Project: Firebird Core
          Issue Type: Bug
    Affects Versions: 2.1.3
         Environment: Windows 7 x64 (Professional)             Firebird 2.1.3 
            Reporter: jaymie.phillips


The user is able to log in with a paswword that is an extended version of the 
password used for the database.

example:
if the password for the database is := masterkey   then
the user is able to log in with a password of  :=  
masterkeythisisthepasswordrighthere
providing the username matches

this is however does not appear to apply to the username field

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://tracker.firebirdsql.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

------------------------------------------------------------------------------
Got visibility?
Most devs has no idea what their production app looks like.
Find out how fast your code is with AppDynamics Lite.
http://ad.doubleclick.net/clk;262219671;13503038;y?
http://info.appdynamics.com/FreeJavaPerformanceDownload.html
Firebird-Devel mailing list, web interface at 
https://lists.sourceforge.net/lists/listinfo/firebird-devel

Reply via email to