Firebird 5.0. Setting up authentication parameters in the firebird.conf file

[NikolayUkleyko]

Hello !

The database has been upgraded from Firebird 2.5 to Firebird 5.0.
Please, tell me if it makes sense to connect the following parameters and specify the following values:

1. AuthServer = Legacy_Auth
2. AuthClient = Legacy_Auth
3. UserManager = Legacy_UserManager
4. WireCrypt = Disabled
5. WireCompression = false

Thanks !

[mrotteveel]

I have moved this from issues to discussions; issues are for reporting bugs or requesting new features.

[mrotteveel]

These settings don't make sense for multiple reasons:

1. Setting AuthServer = Legacy_Auth, will only allow connections with deprecated authentication algorithms. It is better to set it to AuthServer = Srp256, Legacy_Auth if you really need legacy auth, otherwise use the default (i.e. Srp256)
2. Setting AuthClient = Legacy_Auth will only allow the server to create connections to other database (including other servers) with deprecated authentication algorithms. Leaving this at the default (i.e. Srp256, Srp, Win_Sspi, Legacy_Auth for Windows, Srp256, Srp, Legacy_Auth for other platforms) is better.
3. Setting UserManager = Legacy_UserManager will only allow creating users with the insecure and deprecated legacy authentication user manager. Set it to UserManager = Srp, Legacy_UserManager if you really need legacy auth, otherwise leave it on the default (Srp).
   Note that the order Srp, Legacy_UserManager means you cannot use gsec (also deprecated) to manage legacy authentication users, and with the SQL user management statement, you must use the using clause. You can reverse the order, but you should generally put the more secure option first.
4. Setting WireCrypt = Disabled will disallow any client from using wire encryption. If you need Legacy_Auth (which doesn't support encryption), then set it to Enabled, otherwise leave it on its default (Required for server)
5. Setting WireCompression = false is already the default (and, to be clear, when you configure it on the server, it only affects outgoing connections to other servers; for incoming connections, the client setting is used.

[AlexPeshkoff]

Let me add one thing. The only reason why you may want to proceed with Legacy auth family of plugins is CRITICAL inability of your users to enter new password after FB upgrade (or may be passwords are hard-coded in software that they run). I highly recommend not to treat other things (like need to upgrade fbclient on all boxes) as real need to use legacy auth.

[NikolayUkleyko]

Thank you for your reply, @mrotteveel, @AlexPeshkoff !
I have studied the information.
It is quite detailed and understandable.
In general, there is no need to connect such parameters with the given values.

The program works correctly with Firebird 5.0 databases with such disabled parameters (by default).

All the best !