Encrypted database file and offline DBA password reset

3

After creating a new login and giving the SYS_OFFLINE_RESET_PASSWORD_ROLE role it is no problem to change the DBA password offline in 17.0.10.5750 via

"%SQLANY17%\bin64\dbeng17.exe" -orp "UID=DBA;NEWPWD=newpassword;AUTHUID=DBAReset;AUTHPWD=sybase" d:\backdoor.db

But if the database file is AES encrypted that didn't work.

1) If I use the same statement as with an unencrypted database I got "Missing database encryption key for database 'd:\backdoor.db'." - This is from my point of view correct. 2) Now I want to submit the encryption key via

"%SQLANY17%\bin64\dbeng17.exe" -orp "UID=DBA;NEWPWD=newpassword;AUTHUID=DBAReset;AUTHPWD=sybase;DBKEY=xxxxxx" d:\backdoor.db

or

"%SQLANY17%\bin64\dbeng17.exe" -orp "UID=DBA;NEWPWD=newpassword;AUTHUID=DBAReset;AUTHPWD=sybase" d:\backdoor.db -ek "xxxxxx"

Both variants didn't work, I got the messages "Invalid offline reset passwort parameter" and "No database option is not allowed with -orp server option".

Is it possible to use offline dba password reset with an encrypted database? Or do I need a fully deployed role-based access control model, where the DBA user has granted the CHANGE PASSWORD privilege to the correct power users together with an encrypted database.

Many thanks!

asked 25 Apr '19, 03:33

Robert%20Kratschmann's gravatar image

Robert Krats...
1165515
accept rate: 0%

Have you tried to use -ep to supply the DBKEY via prompt?

(25 Apr '19, 04:08) Volker Barth

I did, but it didn't work. You'll get the message "The specified server option is not allowed with -orp server option". Using

GRANT CHANGE PASSWORD TO DBAReset;

will work. But this requires an online connection.

(25 Apr '19, 04:33) Robert Krats...
Replies hidden

So it seems the new feature "Offline reset password" is not fully implemented...

FWIW, I wasn't aware of those changes in 17.0.10.5745, I had expected to read about them in the according Readme file - but apparently one has to study the "What's New" section in the SAP Help Portal...

(25 Apr '19, 04:49) Volker Barth

I stumble about the "What's New" section...

You are right in the readme file is no entry.

(25 Apr '19, 05:06) Robert Krats...
One Answer:
active answersoldest answersnewest answerspopular answers
4

Encrypted databases are not currently supported with this feature. Engineering case# 819146 opened to address this.

permanent link

answered 25 Apr '19, 09:50

Chris%20Keating's gravatar image

Chris Keating
7.0k45116
accept rate: 30%

converted 25 Apr '19, 10:20

Volker%20Barth's gravatar image

Volker Barth
39.5k355539811

Thanks Chris

(25 Apr '19, 10:07) Robert Krats...

This issue has been fixed and will be in an upcoming software update that is 17.0 Build 5788 or newer.

(02 May '19, 14:03) Chris Keating
Replies hidden

V17.0.10.5820 has been publised yesterday:)

(19 Jun '19, 05:09) Volker Barth
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

learn more about Markdown

Question tags:

×46
×14

question asked: 25 Apr '19, 03:33

question was seen: 2,959 times

last updated: 19 Jun '19, 05:09

Related questions

SQL Anywhere 17 - Validate Encrypted Database

SQL Anywhere 16: service does not start when strong encryption is used

crypto functions and hex strings - am I working too hard?

MobiLink SSL encryption fails

how to know servername of my database ?

about UltraliteJ AES DB Encryption on Android

Sql Anywhere Encryption ver 11

Unable to decrypt column

need to encrypt communication between client and server

simple encryption question