It is possible to log on username other than root, and then execute queries (and receive wrong results...).
Example log on other user than root execute basic.sbql and compare results with results from query executed by root user.
Another (?) issue closely related to this one is a straightforward bug on the protocol level. In Session::init_phase(), around line 297 of Session.cpp, WCPasswordPackage is created, but then, for user=scott and passwd=tiger it reads user=scott and passwd=scott. Something is not being written right there. Another bug is that despite passing login=password, which is incorrect, authorization reports success.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Another (?) issue closely related to this one is a straightforward bug on the protocol level. In Session::init_phase(), around line 297 of Session.cpp, WCPasswordPackage is created, but then, for user=scott and passwd=tiger it reads user=scott and passwd=scott. Something is not being written right there. Another bug is that despite passing login=password, which is incorrect, authorization reports success.