It would still be nice to have SAPDB vserver/serv.exe bind on certain interfaces only instead of 0.0.0.0, because you can't always access local ip security settings (i.e. support not compiled into the kernel or not accessible on a linux webserver box). Furthermore you could use the free port on the interfaces you don't bind to for other purposes.
In case of SAPDB on Windows it shouldn't be too hard to do because the bind function in sqltcp.dll internally always binds to 0.0.0.0/INADDR_ANY. The specific sqltcp.dll function could just have an optional parameter for the interface(s) thats by default 0.0.0.0. The service requesting the bind could then be modified to have another parameter in its configuration for this purpose and it could forward this to the bind function in sqltcp.dll. I'm sure it could work for Unix systems in a similar way....without endangering backwards compatibility. > -----Original Message----- > From: Daniel Dittmar [mailto:[EMAIL PROTECTED]] > Sent: Mittwoch, 18. Dezember 2002 20:48 > To: [EMAIL PROTECTED] > Subject: Re: Secure SAPDB? > > > Sven K�hler wrote: > > Hi, > > > > how can i force SAPDB to bind to 127.0.0.1 only. > > by default it bind to 0.0.0.0 which might be a potential > risk because > > other users from the network can access the port directly. > > > > is there any option for that? > > No, that's what firewall software is there for. > > Daniel Dittmar > > -- > Daniel Dittmar > SAP DB, SAP Labs Berlin > [EMAIL PROTECTED] > http://www.sapdb.org > > > > _______________________________________________ > sapdb.general mailing list > [EMAIL PROTECTED] > http://listserv.sap.com/mailman/listinfo/sapdb> .general > _______________________________________________ sapdb.general mailing list [EMAIL PROTECTED] http://listserv.sap.com/mailman/listinfo/sapdb.general
