Re: [Firebird-devel] Ability to use non-local protocol to create DB which alias is declared as self-security

2022-08-08 Thread Alex Peshkoff via Firebird-devel

On 8/8/22 15:41, Pavel Zotov wrote:
> Currently one needs to use only a local connection in order to create a
> self-security database, i.e.:
> 1) we create in databases.conf an alias of the DB that we want to create,
> e.g.:
>
> tmp_self= $(dir_sampleDb)/tmp_self_example.fdb
> {
>     SecurityDatabase = tmp
> }
>
> 2) we run the "create database" statement and specify there the alias
> 'tmp_self', *without* protocol prefix ('localhost:', 'inet://',
> 'xnet://'):
>
> D:\FB\fb308>isql -q
> SQL> create database 'tmp_self'; set list on; select
> mon$database_name, mon$owner, mon$sec_database from mon$database; drop
> database;
>
> . . .
>  MON$DATABASE_NAME D:\FB\FB308\EXAMPLES\EMPBUILD\TMP_SELF_EXAMPLE.FDB
>  MON$OWNER ZOTOV
>  MON$SEC_DATABASE Self
>
> So far so good.
> But if we try to create the DB using a command like this:
> =
> create database 'localhost:tmp_self' user sysdba password 'masterkey';
> drop database;
> =
> -- then an error is raised:
>
>   SQL> Statement failed, SQLSTATE = 08006
>   Error occurred during login, please check server firebird.log for
> details
>
> The content of firebird.log in that case will be the following:
>
>    Authentication error
>    I/O error during "CreateFile (open)" operation for file "tmp_self"
>    Error while trying to open file
>    [ can not find specified file ] // localized message here
>
> Why does this restriction exist?


Because login / password are to be validated in the database that does not
exist yet. Therefore the password check fails and you can't attach to the
server. Without a connection to the server it's hard to create something on it ;)



> The database file also did not exist when we used the local protocol.

From DS:
> Have you forgotten that it means embedded mode and user name/password
> are not checked at all?

And yes - when there is no need to check login info there is no need to
attach to a non-existent database.

> So, what's the problem with just ignoring this (i.e. the missing .fdb file)
> and trying to create this DB?


The problem is the need to follow the security rule - each connection to server
is to be validated by plugins.


PS. 2 more cents.
One can create a database with a self-security alias remotely if some
plugin, configured on the server, does not need to attach to it. But for
today we do not have one - even win_sspi needs a DB (and security DB -
which is the same database in your case) connection to load mappings.


PPS. If one has access to database.conf to create a new alias he
definitely has embedded access to the server, i.e. the problem appears to be
rather artificial.





Firebird-Devel mailing list, web interface at 
https://lists.sourceforge.net/lists/listinfo/firebird-devel
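
An added example, not part of the thread and not Firebird's own code: a small audit helper that parses databases.conf text and lists the aliases configured as self-security, which the reply above says currently have to be created through an embedded connection. The sample configuration and the function names are constructed; treating a `SecurityDatabase` value equal to the alias name or to the alias's own file path as "self" is an assumption.

```python
# Constructed sample in databases.conf syntax (not from a real server).
SAMPLE_CONF = """\
# aliases
employee = $(dir_sampleDb)/employee.fdb
tmp_self = $(dir_sampleDb)/tmp_self_example.fdb
{
    SecurityDatabase = tmp_self
}
shared_sec = /data/app.fdb
{
    SecurityDatabase = /data/security_app.fdb
}
"""


def parse_aliases(text):
    """Return {alias: {"path": str, "params": dict}} from databases.conf text."""
    aliases, current, in_block = {}, None, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # '#' starts a comment
        if line == "{":
            in_block = current is not None   # block belongs to the last alias
        elif line == "}":
            in_block = False
        elif "=" in line:
            key, _, value = (part.strip() for part in line.partition("="))
            if in_block:
                aliases[current]["params"][key.lower()] = value
            else:
                current = key
                aliases[current] = {"path": value, "params": {}}
    return aliases


def self_security_aliases(text):
    """Aliases whose SecurityDatabase names the alias itself or its own file."""
    found = []
    for name, entry in parse_aliases(text).items():
        sec = entry["params"].get("securitydatabase")
        # Assumption: alias names and paths are compared case-insensitively.
        if sec and sec.lower() in (name.lower(), entry["path"].lower()):
            found.append(name)
    return found


if __name__ == "__main__":
    for alias in self_security_aliases(SAMPLE_CONF):
        print(f"{alias}: self-security, first creation needs embedded access")
```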


Re: [Firebird-devel] Ability to use non-local protocol to create DB which alias is declared as self-security

2022-08-08 Thread Dimitry Sibiryakov

Pavel Zotov wrote 08.08.2022 14:41:
> 2) we run "create database" statement and  specify there alias 'tmp_self',
> *without* protocol prefix ('localhost:', 'inet://', 'xnet://'):

  Have you forgotten that it means embedded mode and user name/password are not
checked at all?


--
  WBR, SD.




[Firebird-devel] Ability to use non-local protocol to create DB which alias is declared as self-security

2022-08-08 Thread Pavel Zotov
Currently one needs to use only a local connection in order to create a self-security database, i.e.:
1) we create in databases.conf an alias of the DB that we want to create, e.g.:

tmp_self= $(dir_sampleDb)/tmp_self_example.fdb
{
    SecurityDatabase = tmp
}

2) we run the "create database" statement and specify there the alias 'tmp_self', *without* protocol prefix ('localhost:', 'inet://', 'xnet://'):

D:\FB\fb308>isql -q
SQL> create database 'tmp_self'; set list on; select mon$database_name, mon$owner, mon$sec_database from mon$database; drop database;

. . .
 MON$DATABASE_NAME D:\FB\FB308\EXAMPLES\EMPBUILD\TMP_SELF_EXAMPLE.FDB
 MON$OWNER ZOTOV
 MON$SEC_DATABASE Self

So far so good.
But if we try to create the DB using a command like this:
=
create database 'localhost:tmp_self' user sysdba password 'masterkey'; drop database;
=
-- then an error is raised:

  SQL> Statement failed, SQLSTATE = 08006
  Error occurred during login, please check server firebird.log for details

The content of firebird.log in that case will be the following:

   Authentication error
   I/O error during "CreateFile (open)" operation for file "tmp_self"
   Error while trying to open file
   [ can not find specified file ] // localized message here

Why does this restriction exist?
The database file also did not exist when we used the local protocol.
So, what's the problem with just ignoring this (i.e. the missing .fdb file) and trying to create this DB?


Re: [Firebird-devel] Status of isc_dpb_parallel_workers

2022-08-08 Thread Jiří Činčura
Is there any prospect for more parallel operations in the near future? Especially
around i.e. query processing, basically general database operations. The reason
I'm asking is whether to implement it in the .NET provider on connection string
level or only for "gbak" and "gfix".

-- 
Mgr. Jiří Činčura
https://www.tabsoverspaces.com/





Re: [Firebird-devel] op_que_events and database shutdown

2022-08-08 Thread Jiří Činčura
> What events might be missing? Connection is shutdown and can't be resurrected.
> New connection will queue new events and can't miss one. Remember, first "queue
> events" in connection immediately receives most current counters. It could be
> compared with last known counters before re-connect, if necessary.

I mean, the application does not know that the database was shut down and will
not (re)queue events on a new connection. Other applications might be already
reconnected (because these are doing something and hence detect the shutdown)
and sending events.

The problem is not how to recover operations after a new connection, but how to
detect that a new connection is needed.

It's fine for me if this is purely responsibility of developer - for example 
doing some heartbeat/watchdog/... logic. I just want to know there's nothing on 
protocol level I can use to help this situation.

-- 
Mgr. Jiří Činčura
https://www.tabsoverspaces.com/


