======PrimeBase Database Poor File Permissions and Crypt() Hash======

http://www.firebirdsql.org
or affiliated sites:
http://www.ibphoenix.com

      The Firebird(tm) database engine is derived from the InterBase(r)
      product currently owned by Borland.  The documentation for
      InterBase v 6.0 applies also to the current FireBird release.
      InterBase documentation is available in Adobe Acrobat format from
      http://info.borland.com/techpubs/interbase/."

      The "information database" stored in the file isc4.gdb is read and
      writeable for all users with the default rpm installation of
      Firebird-1.0.3 for Linux. 

[root@Fester interbase]# ls -l /opt/interbase/isc4.gdb -rw-rw-rw- 1 root root 618497 Jun 8 14:44 /opt/interbase/isc4.gdb

This file contains the password hashes and usernames for the firebird database. The passwords are hashed twice, once with the static salt "9z" and a second time with the returned crypt text minus the salt.

crypt(&crypt(user_password,"9z")[2],"9z")