Hi Paul,

Just got a moment and noticed your post.
I agree with you concerning the external files problems.
I would extend your thinking by putting into the ibconfig the allowed
paths that a database can be created in. I would also like to see some
limits done so that only certain individuals can create databases or
external files.

Ultimately, I would like to see some method proposed that would safely
allow the interbase server to run as some user other than root on a *nix
system.

It has been awhile, can someone update me as to the exact reasons why IB
must run as root and what problems will occur if it is run as some other
user?

best regards

Dalton

Paul Reeves wrote:

>
> Given that external files pose a security risk the easiest way to prevent the
> risk is to totally block the indiscrimate use of external files.
>
> It seems to me that we could allow the placing of additional entries in IBConfig
> which specify the path(s) of external files. The syntax could be similar to that
> for specifying temporary directories. If there are no EXT_FILE_DIR entries then
> no external files are allowed. Otherwise only the directories specifically
> mentioned can be used. The syntax for external file creation would remain the
> same.
>
> Any thoughts? Any takers to see if this could be implemented?
>
> Paul
> --
>
> Paul Reeves
> http://www.ibphoenix.com
> taking InterBase further
>
> To unsubscribe from this group, send an email to:
> IB-Architect-unsubscribe@onelist.com