The installer in FB4 Beta 1 doesn't implement this option correctly,
simply because srp256 is not included if the user checks the box. That
is simple to fix. 

However the underlying problem is more complex. We now have two forms
of legacy auth (without an underscore) - srp for Firebird 3 and
legacy_auth for Firebird 2.?.

To correctly enable legacy auth at install time the installer
should really be modified to present two questions to the
user, one for Firebird 3 auth and another for Firebird 2 auth.

This seems to me to be too complex for a click through install.
Keeping a single question opens up FB4 servers to all legacy auth.
Changing the question so that FB4 considers legacy auth to only
include FB3 and not FB2 _may_ be confusing for those not paying
attention (like almost everybody). And there is a good argument to not
offer either option at install time because enabling legacy auth weakens
security. 

If we choose best security I wonder how much we risk alienating users
who are not 200% committed to Firebird. Like it or not we have a
massive user base that is tied to legacy versions of Firebird and that
is not going to change overnight. In addition many of those use zero
security at the un/pw level so don't really care about security.

We want to take our users with us. To do so means keeping migration as
simple as possible. 

What is the opinion of others on this subject?


Paul
-- 
Paul Reeves
http://www.ibphoenix.com
Supporting users of Firebird
Firebird-Devel mailing list, web interface at 
https://lists.sourceforge.net/lists/listinfo/firebird-devel
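The settings the mail is arguing about live in firebird.conf. The following audit script is an added example, not code from Firebird or from anyone in this thread. It assumes the Firebird 4 keys AuthServer and WireCrypt, the plugin names Srp256, Srp and Legacy_Auth (matched case-insensitively), Firebird 4's defaults of AuthServer = Srp256 and WireCrypt = Required, and that a Legacy_Auth connection cannot satisfy WireCrypt = Required; the configuration text it reads is constructed for the example.

```python
"""Audit a firebird.conf for the authentication choices discussed in the mail.

Added example, not Firebird's own code. Assumptions: Firebird 4 keys
AuthServer / WireCrypt, plugin names Srp256 / Srp / Legacy_Auth, defaults
AuthServer = Srp256 and WireCrypt = Required, and Legacy_Auth being unusable
under WireCrypt = Required. The sample configs at the bottom are constructed.
"""
import re
from dataclasses import dataclass, field

DEFAULT_AUTH_SERVER = "Srp256"   # assumed Firebird 4 default
DEFAULT_WIRE_CRYPT = "Required"  # assumed Firebird 4 default

_SETTING = re.compile(r"^([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*?)\s*$")


def parse_firebird_conf(text):
    """Return {key_lower: value} for active 'Key = Value' lines.

    '#' starts a comment; keys are case-insensitive, values kept as written.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = _SETTING.match(line)
        if m:
            settings[m.group(1).lower()] = m.group(2)
    return settings


def plugin_list(value):
    """Split a comma-separated plugin list into lower-case names."""
    return [p.strip().lower() for p in value.split(",") if p.strip()]


@dataclass
class AuthAudit:
    auth_server: list
    wire_crypt: str
    findings: list = field(default_factory=list)  # "WARN: ..." / "INFO: ..."

    def is_hardened(self):
        """True when nothing marked WARN was found."""
        return not any(f.startswith("WARN:") for f in self.findings)


def audit_auth(text):
    """Evaluate AuthServer / WireCrypt from firebird.conf text."""
    conf = parse_firebird_conf(text)
    plugins = plugin_list(conf.get("authserver", DEFAULT_AUTH_SERVER))
    wire_crypt = conf.get("wirecrypt", DEFAULT_WIRE_CRYPT).lower()
    audit = AuthAudit(auth_server=plugins, wire_crypt=wire_crypt)
    add = audit.findings.append

    if "legacy_auth" in plugins:
        add("WARN: legacy_auth enabled, Firebird 2.x clients accepted with the "
            "pre-Firebird-3 password scheme")
        if wire_crypt == "required":
            add("WARN: legacy_auth cannot set up wire encryption, so these "
                "logins fail under WireCrypt = Required (assumption)")
    if "srp" in plugins:
        if "srp256" not in plugins:
            add("WARN: srp256 missing from AuthServer (the installer bug in the "
                "mail); Firebird 4 clients fall back to a weaker plugin")
        else:
            add("INFO: srp enabled, Firebird 3 clients accepted via SRP with a "
                "SHA-1 client proof")
    if wire_crypt == "disabled":
        add("WARN: WireCrypt = Disabled, all traffic in clear")
    elif wire_crypt == "enabled":
        add("INFO: WireCrypt = Enabled, encryption negotiated but not required")
    return audit


# Constructed sample: what a single "enable legacy auth" checkbox might write.
WEAK_CONF = """
# constructed firebird.conf fragment
AuthServer = Srp, Legacy_Auth     # Srp256 dropped by the installer bug
WireCrypt = Enabled
"""

# Constructed sample: the "best security" choice, which is also the default.
HARDENED_CONF = """
AuthServer = Srp256
WireCrypt = Required
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        result = audit_auth(conf)
        print(name, result.auth_server, result.wire_crypt, result.is_hardened())
        for f in result.findings:
            print("  ", f)
```

Run it against an installed firebird.conf by passing the file's contents to audit_auth; an empty string audits the assumed defaults.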