Subject RE: [IB-Architect] Security holes...
Author Doug Chamberlin
At 4/2/00 06:52 PM (Sunday), Phil Shrimpton wrote:
>If you could just use port 3050 to connect to IB, the security could be
>sorted out via firewalls etc., but the main problem is that the application
>needs to connect to an explicit directory on the server machine. Some thing
>that could go someway to solving this was mentioned in a previous thread,
>that is Database Aliases (for Shadows and multiple files if remember
>correctly). If it was possible to just use port 3050 and then an 'Alias'
>for the BD location (sent through the port), I think that might be an
>improvement.
>
>I am by no means an expert on security, and am probably talking rubbish, but
>I know if I block all ports except 3050 on my firewall I can connect to the
>Interbase server, but not any databases.

I think you are quite wrong about this, Phil. All you need is access via
port 3050. If that is not sufficient for you then something else must be
wrong. While the client needs to know the exact location and name of the
database file on the server, it does not need to have any direct access to it.

>The use of aliases also allows the additional benefit of being able to move
>the location of the database on the server without having to amend any
>code/INI file/registry setting etc. on the client application.

This is precisely one of the big benefits of using aliases. I hope we can
add them soon.