On 01/08/2014 07:34 PM, Mark Rotteveel wrote: > On Wed, 08 Jan 2014 19:13:02 +0400, Alex <peshk...@mail.ru> wrote: >> On 01/07/2014 01:11 PM, marius adrian popa wrote: >>> Notes on database security assesment >>> > http://www.slideshare.net/qqlan/firebird-interbase-database-engine-hacks-or-rtfm >> I see 2 kinds of samples - mixed DDL/DML statements and use of UDF. >> >> It's well known and documented (can't provide a link but as far as I >> remember it's documented) fact that DDL/DML mix is not what makes >> firebird behave well. Anyway: >> >> $ ./isql employee -u sysdba ## it's fb3 and use of embedded access >> SQL> set autoddl off; >> SQL> ALTER DATABASE ADD DIFFERENCE FILE 'filename'; >> SQL> ALTER DATABASE BEGIN BACKUP; >> SQL> INSERT INTO country values ('aa', 'bb'); >> SQL> commit; > ... >> aa bb >> >> SQL> >> >> I see no lockout. And without "set autoddl off" also (certainly) no >> lockout. > I think he means you can create a file anywhere on the file system (ie in > a webserver directory) with a relatively high level of control of what gets > into it. >
May be I did not understand what means 'your file is locked'. But anyway - this works only if a webserver directory has write access for user firebird of firebird server runs as root. ------------------------------------------------------------------------------ Rapidly troubleshoot problems before they affect your business. Most IT organizations don't have a clear picture of how application performance affects their revenue. With AppDynamics, you get 100% visibility into your Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro! http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
