On older versions of Zend Server, it may be possible to use a blank password when the user is entered in the db2_connect() or db2_pconnect() function. The connection statement would look similar to this:
$connect = db2_connect("*LOCAL", "PHPUSER", "");
Note, if both the user and password are left blank, that is a different issue. Please see the following article:
IBM i DB2 allows a connection with no user ID or password - How to change this
Zend Server for IBM i version 5 running on any supported version of IBM i.
This can occur if there is a version of the libdb400.a archive that is set up to allow this for debugging purposes. This version of libdb400.a was inadvertently distributed with some versions of Zend Server 5. Here is how to check for this and correct it.
From the 5250 command line, as QSECOFR or a *SECOFR class user:
This command brings you into the PASE shell.
In the PASE shell:
If this message appears:
Then this problem is not present. However, if there is a listing:
Then the file is there and should be renamed. To rename the file, please do this command in the PASE shell:
Verify that libdb400.a no longer exists, and libdb400.a.bak does exist:
After renaming the file, please restart Apache for the change to take effect. Please schedule the restart for a time when it will be appropriate to have your web site unavailable for a few minutes.
Here is an example of the entire PASE shell session: