FirebirdSQL / firebird

Firebird server, client and tools
https://www.firebirdsql.org/

Advertise list of databases via aliases.conf [CORE3527] #3884

Open firebird-automations opened 13 years ago

firebird-automations commented 13 years ago

Submitted by: JimBeam (jimbeam)

Votes: 2

As discussed in http://sourceforge.net/mailarchive/message.php?msg_id=27353311

What: keep track of databases (via configuration in aliases.conf) and present/advertise that in a system view/table and/or via the services API. (Discussion on the security implications led to a preference for the services API.) If enabled, this allows users to query which databases are present on a server.

Why: developers/end users can more easily choose and connect to a database on a Firebird server, even point and click. See pros below.

Pros:
- Ease of use for end users:
  - Their applications can be modified to provide point-and-click GUI connection options: avoids typos, extra documentation, looking up aliases, and bothering IT staff.
- Ease of use for developers:
  - In-house apps that keep track of databases can be converted.
  - Drivers such as the Firebird.Net driver can add schema support (for databases), e.g. for support of the SharpDevelop database plugin and better support for Visual Studio.
  - As mentioned above, developers can use adapted drivers in GUI/RAD environments to connect to a database by visually selecting it. Avoids typos, extra documentation, and looking up aliases.

Cons:
- Increased code complexity/maintenance.
- Security issue: leakage of information on the databases present on the system.
- Security issue: denial of service/brute force attacks by brute-forcing database aliases have increased impact (due to more code executing).

Remediation for both security issues: disable advertising by default; the admin has to edit aliases.conf to show a database. Also, restrict access to people with SYSDBA.

Ideas for implementation:

Must have for this feature to be usable:

1.1 aliases.conf extends the notation from e.g. dummy = c:\data\dummy.fdb to something like dummy = c:\data\dummy.fdb;advertise=yes

1.2 A system view/table like RDB$DATABASES and/or a services API function that returns the list of alias names. This allows devs/end users to query it to get an overview of the databases on the server.

1.3 Determine what should happen if a DROP DATABASE command is committed for one of the advertised dbs.

Nice to have:

2.1 Not only advertise the database name from aliases, but also things the engine reads on connection (e.g. page size, charset, ...), possibly the file location (only accessible to the server SYSDBA, for security).

Note: Thomas Steinmaurer mentioned that in InterBase 7.5 and up this functionality is provided by a table called DB_ALIAS in the security database; see e.g. http://www.gvsnet.nl/ibconsole/using_aliases_in_IBConsole.pdf

firebird-automations commented 13 years ago

Commented by: @AlexPeshkoff

Before adding such a feature request it would be a very good idea to discuss it in the fb-devel list.

firebird-automations commented 13 years ago

Commented by: JimBeam (jimbeam)

Done on 13 April of this year; see the thread 'Feature request: database registration via aliases.conf, databases system table support', as mentioned via http://sourceforge.net/mailarchive/message.php?msg_id=27353311

firebird-automations commented 13 years ago

Commented by: @AlexPeshkoff

In that case let me note that in that discussion it was decided to:
- use the services API,
- not do anything when DROP DATABASE is done,
- never show anything except the alias name and possibly a description of it.

firebird-automations commented 13 years ago

Modified by: @AlexPeshkoff assignee: Alexander Peshkov [alexpeshkoff]

firebird-automations commented 13 years ago

Commented by: Lester Caine (lsces)

While it is probably taken as read... this would be a facility that needs switching on in firebird.conf and would be off by default!

If someone wants to use it then, like some of the other questionable functions, they need to be well aware why they are doing it. Personally I can't see any reason for publishing a list of available databases at THAT level - FlameRobin and Eclipse provide just the level of database management I need, and where I have a range of separate databases (the address information archive, for example) then managing them from within the application with my own table seems much more sensible?

One nice thing about Firebird is the fact that it is quiet in its responses to random attacks.

firebird-automations commented 13 years ago

Commented by: @AlexPeshkoff

Lester, I see switching it on/off in firebird.conf and aliases.conf in the following way.

We already have in trunk per-database configuration options in aliases.conf, which may override the defaults from firebird.conf. The same scheme works for Advertise. In firebird.conf:

Advertise=0

by default, but people can turn it on globally. And in each alias one can control the specific behaviour for the given alias. For example, even with Advertise=1 in firebird.conf, it's possible to have in aliases.conf:

TopSecret = /path/to/very/important/database.fdb { Advertise=0 }

This can even become a minor security benefit - we show some aliases, but nobody knows about the really important things.
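As an added example (not Firebird's own code), this Python sketch works through the scheme above: the Advertise default is read from a constructed firebird.conf fragment, per-alias blocks in aliases.conf in the single-line form quoted above override it, and the listing returns alias names only, as decided on fb-devel. The option name, the accepted boolean spellings, the paths and the one-line block form are assumptions, not Firebird's actual syntax.

```python
import re
FIREBIRD_CONF = "Advertise = 0\n"  # constructed firebird.conf fragment: the proposed default is "off"
# Constructed aliases.conf fragment (made-up paths). A per-alias block overrides
# the global default, so TopSecret stays hidden even when Advertise=1 globally.
ALIASES_CONF = """
employee = /var/lib/firebird/data/employee.fdb { Advertise = 1 }
sales = /var/lib/firebird/data/sales.fdb { Advertise=1 }
dummy = c:\\data\\dummy.fdb
TopSecret = /path/to/very/important/database.fdb { Advertise=0 }
"""

_BOOL = {"1": True, "true": True, "yes": True, "0": False, "false": False, "no": False}
_ALIAS_RE = re.compile(r"^(?P<alias>[^=\s#]+)\s*=\s*(?P<path>[^{]+?)\s*(?:\{(?P<opts>[^}]*)\})?$")

def _lines(text):
    """Non-empty lines with '#' comments and surrounding whitespace removed."""
    return [ln for ln in (s.split("#", 1)[0].strip() for s in text.splitlines()) if ln]

def _option(setting):
    """Split 'Key = Value' into a lower-cased (key, value) pair."""
    key, _, value = setting.partition("=")
    return key.strip().lower(), value.strip().lower()

def global_advertise(conf_text):
    """Global default from firebird.conf; a missing key means advertising is off."""
    for line in _lines(conf_text):
        key, value = _option(line)
        if key == "advertise":
            return _BOOL[value]  # an unrecognised value raises rather than enabling
    return False

def parse_aliases(text):
    """Alias name -> per-alias Advertise override (None when not given); the path is
    matched but never returned, since the agreed design exposes alias names only."""
    overrides = {}
    for line in _lines(text):
        m = _ALIAS_RE.match(line)
        if not m:
            raise ValueError(f"malformed alias line: {line!r}")
        opts = dict(_option(o) for o in (m["opts"] or "").split(";"))
        overrides[m["alias"]] = _BOOL[opts["advertise"]] if "advertise" in opts else None
    return overrides

def advertised_aliases(conf_text, aliases_text):
    """Sorted alias names a services-API listing may return."""
    default = global_advertise(conf_text)
    return sorted(name for name, flag in parse_aliases(aliases_text).items()
                  if (default if flag is None else flag))
```

With the default off, only aliases that opt in are listed; turning Advertise on globally adds the unmarked alias but still never the one marked Advertise=0.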

firebird-automations commented 13 years ago

Commented by: Sean Leyne (seanleyne)

Edited for readability

firebird-automations commented 13 years ago

Modified by: Sean Leyne (seanleyne) description: edited for readability