hsqldb bypass authentication: reset forgotten user and password

2.3k views Asked by At

I have a set of database files (i.e. .data, .properties and .script file) in hsqldb format, but the person who managed them previously quit and left no credentials. When I try to connect to the database using any means to access the standalone file-based database (such as SqlTool or DatabaseManager), passing default "sa" user and default empty password, I get something like that:

java.sql.SQLException: User not found: SA
        at org.hsqldb.jdbc.Util.sqlException(Unknown Source)
        at org.hsqldb.jdbc.jdbcConnection.(Unknown Source)
        at org.hsqldb.jdbcDriver.getConnection(Unknown Source)
        at org.hsqldb.jdbcDriver.connect(Unknown Source)
        at java.sql.DriverManager.getConnection(DriverManager.java:582)
        at java.sql.DriverManager.getConnection(DriverManager.java:185)
...

Is there a way to easily bypass the whole hsqldb authentication and grants scheme and just reset the "sa" user in its full rights? I've digged up whole hsqldb documentation and done some research over Google, but I can't find any means to just bypass it?

Or it's completely impossible without brute-forcing (i.e. file is in fact encrypted with a given password)? This question mentions that passwords are stored in .script file, but it looks like that the one I have is set to COMPRESSED or BINARY format (I can't tell which one with my bare eyes) using SET SCRIPTFORMAT command, albeit I see raw live string data in the .data file. Is it possible to decrypt BINARY format?

1

There are 1 answers

1
fredt On BEST ANSWER

If you see cleartext strings in the .data file, then the database is not encrypted.

As HSQLDB is opensource, you can edit the source to print out the user name and password to the console when the database is opened. Find the class named User for this purpose. This cannot be done with encrypted databases, which are not opened at all without the encryption key.