| Subject | Re: [IB-Architect] Re: Some thoughts on IB and security |
|---|---|
| Author | Jason Wharton |
| Post date | 2000-04-29T16:33:46Z |
>A different problem. It is difficult to look into a database to findI thought you were looking at the server before you got to a database.
>where to find the database.
Couldn't the server maintain a list of registered database paths by an
alias?
Your connect string would be something like:
MyServer:%MyDatabaseAlias%
Which MyServer would receive, then do a lookup for MyDatabaseAlias and if it
is registered with a GDB location it will connect to the database for that
alias and the client would never have the need to know what that actual
location is.
What else may be an interesting twist is the alias could also store a remote
connection string and just pass the whole connection on to another machine.
That also allows interesting possibilities that would help with failover and
general sys administration.
Forcing the use of an alias would be a great way to prevent or restrict who
can create a database on a system. This is one of the current major security
problems of InterBase since anyone knowing any valid password on the server
can do it.
Seems that the services API would be a good mechanism to use to create an
alias on a server. For backwards compatibility a server could be put into
AutoAlias mode which would make an alias entry using the raw database
connect string coming in and use it from then on.
Usage of the percent symbol is negotiable. I just use it here because it is
a common way to denote a replacable parameter like in a DOS command script.
It could actually be left off and treat all text after the server as the
alias name without any signifying character. That way backwards
compatibility would be achieved simply by making alias entries using the
same database path string.
This would also make it possible to fix the corruption issue when you use
two different connect strings and connect to the same database file as
though it were two separate files.
MyServer:d:ibdb\MyDB.gdb
MyServer:d:\ibdb\MyDB.gdb
Both of these would be aliased to
MyServer:d:\ibdb\MyDB.gdb
and solve that problem too...
FWIW,
Jason Wharton
InterBase Developer Initiative
jwharton@...
InterBase will be the database of the new millennium.