View Incident Report

Serious
Reported By: Gary Shipley
Reported On: 5/19/2009
For: Version 4.27 Build 5
# 2992 DBSYS Utility Incorrectly Truncating Passwords to 30 Characters

Created a table using the DBSYS utility and used a password to encrypt. The password was added to the session using the File/Options/Security menu option. The process was repeated several times with passwords of differing lengths but none longer than 128. As the table is created the utility asks for the password to be entered twice which was done via paste to ensure accuracy.

The session type is stLocal and a directory on the local hard drive was used to contain the table.

After closing DBSYS and starting it again, the table will not reopen no matter how many times the password is entered. The same thing happens using code. Tested on BDS2006, D2007 and D2009 with versions 4.27 build 5 all the way back to version 4.26 build 3 (BDS2006 only) and the result was the same every time.

Have not attempted encrypted tables using remote server so have no idea if this is affected.

The code below is used and even though the correct password is added to the active session, the password entry dialog still opens. Entering the password via a paste and add or ok button click still fails. Finally, after a cancel, the dbengine reports an insufficient rights error.

This situation renders local encrypted tables useless. I would suspect my code, however the dbsys.exe utility encounters the same problem.

Unit Unit2;

Interface

Uses
    Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls,
    Forms, Dialogs, DB, dbisamtb, Grids, DBGrids, StdCtrls;

Const
    sesName = 'mySession';
    dbmName = 'myDB';

Type
    TForm2 = Class(TForm)
        theTable: TDBISAMTable;
        theDB: TDBISAMDatabase;
        dSession: TDBISAMSession;
        DataSource1: TDataSource;
        Button1: TButton;
        DBGrid1: TDBGrid;
        Procedure Button1Click(Sender: TObject);
    Private
        { Private declarations }
    Public
        { Public declarations }
    End;

Var
    Form2: TForm2;

Implementation

{$R *.dfm}

Procedure TForm2.Button1Click(Sender: TObject);
Begin
    With dSession Do
    Begin
        PrivateDir := 'C:\Temp\scratch\';
        SessionName := sesName;
        SessionType := stLocal;
        Active := True;
        { Full-length password, split across three string literals }
        AddPassword('3674ECEA180C45928276DFAFBACEA917B8598304A'+
            '69D49BC8887DA0CA084BAAE7DD4DEEAF16E4BA59B81'+
            '5A4EC94792B614E46BA31960410DBABDB329D9613DE5');
    End;

    With theDB Do
    Begin
        KeepConnection := False;
        KeepTablesOpen := False;
        DatabaseName := dbmName;
        SessionName := sesName;
        Directory := 'C:\Temp\';
        Connected := True;
    End;

    With theTable Do
    Begin
        DatabaseName := dbmName;
        SessionName := sesName;
        IndexName := 'idxDescription';
        TableName := 'LibList';
        Open;
    End;
End;

End.



Comments
The MaxLength property for the password input edit control was incorrectly set to 30.


Resolution
Fixed Problem on 5/20/2009 in version 4.28 build 1


Products Affected
DBISAM Additional Software and Utilities
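
The following is an added Python model of the failure described in this report; it is not code from the report or from DBISAM. It assumes the capped edit control is the one used when the table is created, and it uses SHA-256 as a stand-in for the table's password check. It shows why entering the password twice did not catch the problem, how to confirm the truncation length, and an input path that rejects over-long input instead of shortening it.

```python
import hashlib
import hmac

EDIT_MAX_LENGTH = 30  # the MaxLength value named in the incident comments


def key_check(password: str) -> bytes:
    # Stand-in for the table's stored password check (assumption: SHA-256).
    return hashlib.sha256(password.encode("utf-8")).digest()


def paste_into_edit(text: str, max_length: int = EDIT_MAX_LENGTH) -> str:
    # Model of a capped edit control: excess input is dropped silently.
    return text[:max_length] if max_length > 0 else text


def create_table(entry: str, confirm: str) -> bytes:
    # Both entries pass through the same capped control, so they still match.
    first, second = paste_into_edit(entry), paste_into_edit(confirm)
    if first != second:
        raise ValueError("passwords do not match")
    return key_check(first)  # the table is keyed to what the control kept


def can_open(stored: bytes, session_password: str) -> bool:
    return hmac.compare_digest(stored, key_check(session_password))


def truncation_length(stored: bytes, intended: str):
    # Longest prefix of the intended password that the table accepts, or None.
    for n in range(len(intended), 0, -1):
        if can_open(stored, intended[:n]):
            return n
    return None


def strict_edit(text: str, max_length: int) -> str:
    # Hardened input path: refuse over-long input rather than shortening it.
    if len(text) > max_length:
        raise ValueError(f"password is {len(text)} characters; limit is {max_length}")
    return text


PASSWORD = "A1b2" * 32  # constructed 128-character sample, not the report's value
STORED = create_table(PASSWORD, PASSWORD)

if __name__ == "__main__":
    print("opens with full password:", can_open(STORED, PASSWORD))
    print("accepted prefix length:", truncation_length(STORED, PASSWORD))
```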
