I was recently working on a database debugging task for a client in a remote
location and the only direction I was given was to find out what's wrong with
that database application.
Actually, I'm fine with the ambiguity of the direction; I don't always get a
clear-cut definition of the problem first time around (mainly because the client
may not know how to ask for help, and I'm quite fine with helping them define
the problem). But that's not why I'm writing these notes.
The main reason is that in the process of defining the problem and finding a
solution, I ran into something interesting which I'd like to share with my
readers. Here's what happened:
1. They told me about a problem with application X.
2. I asked them where on the network it was and they were able to find that out,
using the shortcut properties. So far so good!
3. Next, I tried to connect myself to the application, but I didn't have access
authority to that particular server. That's not uncommon either, so I went
through the network data security process and got access to the server.
4. Then I looked for the application and found an EXE which looked like the one I
needed; I double-clicked on it and got a login screen. I called the
client, trying to ask for a valid ID and password, but the client was gone for
the day (so I left a message and waited for a callback).
5. Then I thought that while I'm waiting for an ID and password, let's see if I
can figure it out myself, so here's what I did next:
- I found out which database was behind the application; it was right there under
the main application folder.
- I opened the database.
- Then I looked for a table named "passwords" or "security" or "users" or
something like that, and there it was: the "users" table!
- I opened the "users" table and found all the IDs and passwords, but the
passwords were encrypted.
- So I said to myself: "See if you can add a record to the users table and enter
any ID and password." To my amazement, I was able to do so: I added a record
with ID=BEN and NO PASSWORD at all. I then opened the application one more time
and on the login screen, simply entered BEN and no password and clicked OK. I
then got full access to the entire application.
Wow!
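
The following is an added example, not part of the original notes and not the client's code: it shows a login check that accepts a hand-added row with no password next to a hardened check that refuses it, plus an audit query for such rows. SQLite stands in for the unnamed database; the table layout, column names, the ALICE account and all function names are assumptions.

```python
import hashlib
import hmac
import os
import sqlite3

def _hash(password, salt):
    # Salted PBKDF2-SHA256; stands in for the "encrypted" passwords in the notes.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def make_db():
    # Constructed stand-in for the application's "users" table (schema assumed).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               ("ALICE", salt, _hash("correct horse", salt)))
    # Row written straight into the database file, outside the application.
    db.execute("INSERT INTO users VALUES (?, NULL, NULL)", ("BEN",))
    return db

def _lookup(db, user):
    return db.execute("SELECT salt, pw_hash FROM users WHERE id = ?",
                      (user,)).fetchone()

def login_weak(db, user, password):
    # Assumed flawed logic: a blank stored password matches a blank input.
    row = _lookup(db, user)
    if row is None:
        return False
    salt, stored = row
    if not stored:
        return password == ""
    return stored == _hash(password, salt or b"")

def login_hardened(db, user, password):
    # Refuse blank input and any row lacking a well-formed salt and hash.
    row = _lookup(db, user)
    if row is None or not password:
        return False
    salt, stored = row
    if not salt or not stored or len(stored) != 32:
        return False
    return hmac.compare_digest(stored, _hash(password, salt))

def audit_blank_credentials(db):
    # Accounts that could never have been created through a proper signup path.
    rows = db.execute("SELECT id FROM users WHERE salt IS NULL "
                      "OR pw_hash IS NULL OR length(pw_hash) = 0 ORDER BY id")
    return [r[0] for r in rows]
```

The login check is only half of the fix: the database file sitting in the application folder also needs permissions that keep anyone but the application's own account from editing the "users" table directly.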