RAD Server Encrypted my Database! Or did it?
I've been using a couple of small InterBase databases for testing and learning purposes while doing some mobile and web development. I have a Windows 2016 Server in my office with InterBase XE7 and 2017 installed using different ports. Since I work from multiple virtual machines and sometimes a laptop, I just put the databases on the Windows server to access them all from whichever development environment I happen to be using. Both InterBase instances on the server were using the Developer license that comes with Delphi--requiring a restart once a day.
I've used the Professional edition of Delphi for many years and less than a year ago, upgraded to Enterprise. I'm slowly getting familiar with the additional features that are available in the higher SKU of my favorite development environment. One of those features is RAD Server. I've been reading about the benefits of this out-of-the-box REST server application solution, how to install and configure--and how to license it. You can run the stand-alone developer version found in the Delphi installation folder without applying any license. You also get one deployment license to install on a server under IIS or Apache--or even as a stand-alone server listening on its own port if you want.
I got the developer version working on my desktop machine, running through its initial configuration to create its database and seeing some JSON show up in a browser that it launched. I figured I'd apply my one deployment license on my Windows Server, so copied the distributable files over.
I installed the license first , then decided to check the database that had been built on my desktop machine which has a developer license of IB 2020. I wanted to make sure it would work on my server which still only has IB 2017. I opened IBConsole on the Windows server and tried to open the database for RAD Server,
emsserver.db, half expecting to see an invalid format error or something because I was opening it on an older version of InterBase. Instead, I was asked for a System Encryption Password. A what?
The Server edition of InterBase can use encrypted databases (which I knew about but had never used). That process uses a password (the System Encryption Password, or SEP) to do the encryption. After some head-scratching and investigating, it turns out that by simply applying the RAD Server license on my server, it turned my Developer InterBase licenses to Server InterBase licenses! And that, in turn, suddenly expected all the databases to be encrypted.
Well, at least that's what I can figure because I suddenly could not access other databases that had been just fine a few hours earlier. I copied one of them over to my workstation and it opened just fine so at least the database itself hadn't been encrypted.
A little more research and it turns out that InterBase encryption is done with a
SYSDSO user, of which there were none on the Windows Server instances of InterBase. I searched for documentation about a default SEP but the only thing I found was that if encryption is applied without a password, it assumes the password of the user applying it. That doesn't help me because the database is NOT encrypted!
So it looks like now I might have to remove the RAD Server license on my Windows Server hoping it will downgrade my InterBase license back to a developer license and allow me to create the SYSDSO user to enable encryption manually so that I can re-apply the RAD Server license.
I'll probably just remove all old versions of InterBase and start over. A blog for another day.