Firebird Documentation Index → Firebird 2.0.6 Release Notes → Security in Firebird 2 → Dealing with the New Security Database
If you try to put a pre-Firebird 2 security database -- security.fdb or a renamed isc4.gdb -- into Firebird's new home directory and then try to connect to the server, you will get the message "Cannot attach to password database". It is not a bug: it is by design. A security database from an earlier Firebird version cannot be used directly in Firebird 2.0 or higher.
The newly structured security database is named security2.fdb.
In order to be able to use an old security database, it is necessary to run the upgrade script security_database.sql, which is in the ../upgrade sub-directory of your Firebird server installation.
A copy of the script appears in the Appendix to these notes: Security Upgrade Script.
To do the upgrade, follow these steps:
1. Put your old security database in some place known to you, but not in Firebird's new home directory. Keep a copy available at all times!
2. Start Firebird 2, using its new, native security2.fdb.
3. Convert your old security database to ODS11 (i.e. back it up and restore it using Firebird 2.0). Without this step, running the security_database.sql script will fail!
4. Connect to the restored security database as SYSDBA and run the script.
5. Stop the Firebird service.
6. Copy the upgraded database to the Firebird 2 home directory as security2.fdb.
7. Restart Firebird.
Now you should be able to connect to the Firebird 2 server using your old logins and passwords.
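Steps 1, 3 and 4 of the procedure above as a shell script; this is an added example, not part of the release notes. The paths in FB_HOME, OLD_DB, WORK and SCRIPT are placeholder assumptions, gbak and isql are assumed to be the Firebird 2 binaries on PATH, and by default the script only prints the commands it would run.

```shell
#!/bin/sh
# Added example, not from the release notes. All paths are placeholders.
FB_HOME="${FB_HOME:-/opt/firebird}"             # assumed Firebird 2 home
OLD_DB="${OLD_DB:-/var/tmp/fbsec/security.fdb}" # old database, outside FB_HOME
WORK="${WORK:-/var/tmp/fbsec}"                  # scratch directory
SCRIPT="${SCRIPT:-$FB_HOME/upgrade/security_database.sql}"  # assumed location
DRY_RUN="${DRY_RUN:-1}"                         # 1 = only print the commands

# gbak and isql read the SYSDBA credentials from ISC_USER and ISC_PASSWORD,
# so the password never appears on a command line or in the process list.

run() {
    if [ "$DRY_RUN" = "1" ]; then echo "+ $*"; else "$@"; fi
}

# Step 1: the old database must not sit in Firebird's home directory.
outside_home() {
    case "$1" in
        "$FB_HOME"/*) return 1 ;;
        *) return 0 ;;
    esac
}

upgrade_security_db() {
    outside_home "$OLD_DB" || { echo "move $OLD_DB out of $FB_HOME first" >&2; return 1; }
    [ "$DRY_RUN" = "1" ] || [ -n "${ISC_PASSWORD:-}" ] || { echo "set ISC_USER/ISC_PASSWORD" >&2; return 1; }
    # Step 1: keep an untouched copy of the old database.
    run cp -p "$OLD_DB" "$WORK/security.orig" || return 1
    # Step 3: backup and restore with the Firebird 2 gbak to reach ODS11.
    run gbak -b "$OLD_DB" "$WORK/security.fbk" || return 1
    run gbak -c "$WORK/security.fbk" "$WORK/security_ods11.fdb" || return 1
    # Step 4: run the upgrade script; -b makes isql stop and fail on an error.
    run isql -b -i "$SCRIPT" "$WORK/security_ods11.fdb" || return 1
    # Steps 5-7 depend on how the service is managed, so they are only printed.
    echo "next: stop Firebird, copy $WORK/security_ods11.fdb to $FB_HOME/security2.fdb, restart"
}

# Invoke as: DRY_RUN=0 ISC_USER=SYSDBA ISC_PASSWORD=... sh thisfile upgrade
if [ "${1:-}" = "upgrade" ]; then upgrade_security_db; fi
```

Review the printed commands first, then rerun with DRY_RUN=0 while Firebird 2 is running on its native security2.fdb.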
In pre-2.0 versions of Firebird it was possible to have a user with NULL password. From v.2.0 onward, the RDB$PASSWD field in the security database is constrained as NOT NULL.
However, to avoid exceptions during the upgrade process, the field is created as nullable by the upgrade script. If you are really sure you have no empty passwords in the security database, you may modify the script yourself. For example, you may edit the line:
RDB$PASSWD RDB$PASSWD,
to be
RDB$PASSWD RDB$PASSWD NOT NULL,
As long as you configure LegacyHash = 1 in firebird.conf, Firebird's security does not work completely. To set this right, it is necessary to do as follows:
1. Change the SYSDBA password.
2. Have the users change their passwords (in 2.0 each user can change his or her own password).
3. Set LegacyHash back to its default value of 0, or comment it out.
4. Stop and restart Firebird for the configuration change to take effect.