Subject RE: [IB-Architect] Security holes...
Author Phil Shrimpton
> From: Jason Wharton [mailto:jwharton@...]


> I am aware of various exploits that are exposed when opening up
> an InterBase
> database to connect over the internet.

> I would like to run an application where I accept direct connections from
> anywhere on the web but I don't want to leave a security hole
> wide open...

If you could just use port 3050 to connect to IB, the security could be
sorted out via firewalls etc., but the main problem is that the application
needs to connect to an explicit directory on the server machine. Some thing
that could go someway to solving this was mentioned in a previous thread,
that is Database Aliases (for Shadows and multiple files if remember
correctly). If it was possible to just use port 3050 and then an 'Alias'
for the BD location (sent through the port), I think that might be an

I am by no means an expert on security, and am probably talking rubbish, but
I know if I block all ports except 3050 on my firewall I can connect to the
Interbase server, but not any databases.

The use of aliases also allows the additional benefit of being able to move
the location of the database on the server without having to amend any
code/INI file/registry setting etc. on the client application.


Phil Shrimpton
Project JEDI DCOM Team Captain
Project JEDI Library Team
Registered Linux User #155621