Advertise list of databases via aliases.conf
--------------------------------------------
Key: CORE-3527
URL: http://tracker.firebirdsql.org/browse/CORE-3527
Project: Firebird Core
Issue Type: New Feature
Components: Engine
Affects Versions: 3.0 Alpha 1
Environment: All
Reporter: JimBeam
Priority: Minor
As discussed in http://sourceforge.net/mailarchive/message.php?msg_id=27353311
What: keep track of databases (via configuration in aliases.conf)
and present/advertise that in a system view/table and/or via services API.
(Discussion on security implications lead to preference for services API)
If enabled, this allows users to query which databases are present on a server.
========================================================================
Why: developers/end users can more easily choose and connect to a
database on a Firebird server, even point and click. See pros below.
========================================================================
Pros:
- Ease of use for end users:
-- Their applications can be modified to provide point and click GUI
connection options: avoids typos, extra documentation, looking up
aliases, and bothering IT staff.
- Ease of use for developers:
-- In house apps that keep track of databases can be converted
-- Drivers such as Firebird.Net driver can add schema support (for databases),
e.g. for support of the
SharpDevelop database plugin and better support for Visual Studio.
-- As mentioned above, developers can use adapted drivers in GUI/RAD
environments to connect to a database by visually selecting it. Avoids
typos, extra documentation, and looking up aliases.
Cons:
- Increased code complexity/maintenance
- Security issue: leakage of information on databases present on system.
- Security issue: denial of service/brute force attacks with by bruteforcing
database aliases has increased impact (due to more code executing).
Remediation for both security issues: disable advertising by default; admin has
to edit aliases.conf to show a database.
Also, restrict access to people with SYSDBA.
========================================================================
Ideas for implementation:
Must have for this feature to be usable:
1.1 Aliases.conf extends notation from e.g.
dummy = c:\data\dummy.fdb
to something like
dummy = c:\data\dummy.fdb;advertise=yes
1.2 System view/table like RDB$DATABASES and/or services API function that
returns the list of alias
names. This allows devs/end users to query this to get an overview of databases
on the server.
1.3 Determine what should happen if a DROP DATABASE command is committed for
one of the advertised dbs.
Nice to have:
2.1 Not only advertise database name from aliases, but also things the
engine reads on connection (e.g. page size, charset,...), possibly file
location (only accessible to server SYSDBA for security)
========================================================================
Note: Thomas Steinmaurer mentioned that in InterBase 7.5 and up, this
functionality is provided by a table called DB_ALIAS in the security
database; see e.g. http://www.gvsnet.nl/ibconsole/using_aliases_in_IBConsole.pdf
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://tracker.firebirdsql.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
------------------------------------------------------------------------------
EditLive Enterprise is the world's most technically advanced content
authoring tool. Experience the power of Track Changes, Inline Image
Editing and ensure content is compliant with Accessibility Checking.
http://p.sf.net/sfu/ephox-dev2dev
Firebird-Devel mailing list, web interface at
https://lists.sourceforge.net/lists/listinfo/firebird-devel
