cancel
Showing results for 
Search instead for 
Did you mean: 

Encrypted database file and offline DBA password reset

robert_kratschmann
Participant
3,576

After creating a new login and giving the SYS_OFFLINE_RESET_PASSWORD_ROLE role it is no problem to change the DBA password offline in 17.0.10.5750 via

"%SQLANY17%\\bin64\\dbeng17.exe" -orp "UID=DBA;NEWPWD=newpassword;AUTHUID=DBAReset;AUTHPWD=sybase" d:\\backdoor.db

But if the database file is AES encrypted that didn't work.

1) If I use the same statement as with an unencrypted database I got "Missing database encryption key for database 'd:\\backdoor.db'." - This is from my point of view correct. 2) Now I want to submit the encryption key via

"%SQLANY17%\\bin64\\dbeng17.exe" -orp "UID=DBA;NEWPWD=newpassword;AUTHUID=DBAReset;AUTHPWD=sybase;DBKEY=xxxxxx" d:\\backdoor.db

or

"%SQLANY17%\\bin64\\dbeng17.exe" -orp "UID=DBA;NEWPWD=newpassword;AUTHUID=DBAReset;AUTHPWD=sybase" d:\\backdoor.db -ek "xxxxxx"

Both variants didn't work, I got the messages "Invalid offline reset passwort parameter" and "No database option is not allowed with -orp server option".

Is it possible to use offline dba password reset with an encrypted database? Or do I need a fully deployed role-based access control model, where the DBA user has granted the CHANGE PASSWORD privilege to the correct power users together with an encrypted database.

Many thanks!

Accepted Solutions (1)

Accepted Solutions (1)

chris_keating
Product and Topic Expert
Product and Topic Expert

Encrypted databases are not currently supported with this feature. Engineering case# 819146 opened to address this.

robert_kratschmann
Participant
0 Kudos

Thanks Chris

chris_keating
Product and Topic Expert
Product and Topic Expert
0 Kudos

This issue has been fixed and will be in an upcoming software update that is 17.0 Build 5788 or newer.

VolkerBarth
Contributor
0 Kudos

V17.0.10.5820 has been publised yesterday:)

Answers (0)