Hi,
the problem is contained in the build from March
DB21085I This instance or install (instance name, where applicable:
"db2test2") uses "64" bits and DB2 code release "SQL11054" with level
identifier "0605010F".
Informational tokens are "DB2 v11.5.4.0", "s2002251500", "DYN2002251500AMD64",
and Fix Pack "0".
When I install it -> create an instance and database then I am able to connect with not existing users.
When I db2iupdt this instance with the build from April then this problem still exists.
DB21085I This instance or install (instance name, where applicable: "db2test")
uses "64" bits and DB2 code release "SQL11054" with level identifier
"06050
Informational tokens are "DB2 v11.5.4.0", "s2003191500", "DYN2003191500AMD64",
and Fix Pack "0".
But when I install a complete fresh install with the build from April the problem is not reproducable.
So with the current build from yesterday it is solved in my eyes.
Regards,
Gerhard
------------------------------
Gerhard Paulus
------------------------------
Original Message:
Sent: Wed April 29, 2020 03:47 PM
From: Gerhard Paulus
Subject: Db2 BETA code connect with wrong user and wrong password possible
Hi,
I am able to connect (current BETA code) to the database with wrong username and wrong password.
db2level
DB21085I This instance or install (instance name, where applicable:
"db2fed01") uses "64" bits and DB2 code release "SQL11054" with level
identifier "0605010F".
Informational tokens are "DB2 v11.5.4.0", "s2003191500", "DYN2003191500AMD64",
and Fix Pack "0".
Product is installed at "/db2/db2v115m4fp0s2003191500".
Current user and password (user db2fed01 exists)
gerhard@t450s:~$ db2 connect to fed01 user db2fed01
Enter current password for db2fed01:
Database Connection Information
Database server = DB2/LINUXX8664 11.5.4.0
SQL authorization ID = DB2FED01
Local database alias = FED01
Wrong user and password (user db2f does not exist)
gerhard@t450s:~$ db2 connect to fed01 user db2f
Enter current password for db2f:
Database Connection Information
Database server = DB2/LINUXX8664 11.5.4.0
SQL authorization ID = DB2F
Local database alias = FED01
And furthermore the wrong user with wrong authenticated password is able to create tables!
db2 "create table (i int)"
DB20000I The SQL command completed successfully.
Regards, Gerhard
------------------------------
Gerhard Paulus
------------------------------
#Db2