the logging done for su on unix systems. For
example
[ip address] succesfully connected as sysdba
[ip address] gave an invalid password for sysdba
If there was a on-login event and if this parameter was passed to the
handler then it could be nice option for DBAs who want to keep track of
these things.
Many services (samba, apache, for example) let
you limit who can
connect by network address/range. While this can in some situations
be defeated by address spoofing, it might be a good idea for IB.
For classic on linux (and presumably other unix you should already)
be able to do this with tcpd.
I think bloacking the post via ipchains from undesirable address is quick
and pretty immune from spoofing. It's easy to implement and requires no
recoding of the database. I say let the OS take care of denying a
service.
On the topic of security enhancments, if you run IB as a web
backend,
and run the ibserver on the same machine as
the web server, it would
seem to be a good idea to use IPC and disable tcp/ip (both for
security
and efficiency). Previously, this could be done with by using a
local
interbase license.
I'm all for this if it improves speed.
----------------------------------------------
Tim Uckun
Mobile Intelligence Unit.
----------------------------------------------
"There are some who call me TIM?"
----------------------------------------------