I think where to store the config depends on who wants to bind the socket....sqltcp.dll at least seems to be used by a couple of SAPDB services. I don't know if theres a vserver/serv.exe configuration file, on Windows is seems to access some information in the registry at least.
Maybe a look into the vserver/serv.exe sources makes things more clear... I think having the SAPDB machine reside behind an extra firewall or have it own firewall software running locally isn't an option in all cases. Restricting listen interfaces is a very cheap and easy way to i.e. make only local connections possible if you don't need remote sql from outside at all. > -----Original Message----- > From: Sven K�hler [mailto:[EMAIL PROTECTED]] > Sent: Donnerstag, 19. Dezember 2002 11:15 > To: [EMAIL PROTECTED] > Subject: Re: Secure SAPDB? > > > > It would still be nice to have SAPDB vserver/serv.exe bind > on certain > > interfaces only instead of 0.0.0.0, because you can't always access > > local ip security settings (i.e. support not compiled into > the kernel > > or not accessible on a linux webserver box). Furthermore > you could use > > the free port on the interfaces you don't bind to for other > purposes. > > and a firewall protects a complete sub-net in most cases. so SAPDB > wouldn't be protected from being accessed by any other > computer in the > sub-net. > > > In case of SAPDB on Windows it shouldn't be too hard to do > because the > > bind function in sqltcp.dll internally always binds to > > 0.0.0.0/INADDR_ANY. The specific sqltcp.dll function could > just have > > an optional parameter for the interface(s) thats by default > 0.0.0.0. > > The service requesting the bind could then be modified to > have another > > parameter in its configuration for this purpose and it > could forward > > this to the bind function in sqltcp.dll. I'm sure it could work for > > Unix systems in a similar way....without endangering backwards > > compatibility. > > it should be the same on windows and unix: > added a new paramter to the function that calles bind() on the > serversocket. > > but another thing is, where to store the config. > any ideas? > > > > _______________________________________________ > sapdb.general mailing list > [EMAIL PROTECTED] > http://listserv.sap.com/mailman/listinfo/sapdb> .general > _______________________________________________ sapdb.general mailing list [EMAIL PROTECTED] http://listserv.sap.com/mailman/listinfo/sapdb.general
