If you’re running an old version of Zend Server on the IBM i make sure you look at this article from Zend Support:

https://support.zend.com/hc/en-us/articles/203733853-db2-connect-may-allow-blank-password-with-user-entered

Basically you need to rename
/usr/local/zendsvr/lib/libdb400.a to /usr/local/zendsvr/lib/libdb400.a.bak

To do this Rod Flohr suggest you open a PASE shell and issue a mv command to rename the file.

5250 Terminal:

[code]
call qp2term
[/code]

PASE:

[code]
mv /usr/local/zendsvr/lib/libdb400.a /usr/local/zendsvr/lib/libdb400.a.bak
[/code]

If you pass in user supplied parameters to db2_connect function a person could log in as someone else with greater authorities possibly and go into pages or access data they aren’t authorized to use.