Alexandre Benson Smith wrote:

>>>
>>>
>>May be it's time to discuss details.
>>
>>1. In which form should coteries be kept? To allow access from network
>>192.168.3.0 known forms are at least:
>>192.168.3.0/24
>>192.168.3.0/255.255.255.0
>>192.168.3.0
>>192.168.3.
>>My prefered style is 1, but it's interesting to know other people's mind.
>>
>>

In Netfrastructure,

statement := CREATE COTERIE <name> [ AS ] <address> [ , <address ]...

address := <ip_address>
<ip_address> TO <ip_address>
<dns_name>
*.<dns_name>

ip_address := <number>.<number>.<number>.<number>

Firebird should also accept IPv6 ip address. Although I parse DNS
names, it was too much bother to implement, and numeric ranges have been
perfectly satisfactory.

I believe coteries should be strictly affirmative. Blocking specific
addresses after the fact shows too little appreciation for the abilities
of malicious hackers.

>>2. How should be cotteries entered? Should we add switches to gbak?
>>Services API? Isc_user_* family of functions? (I know Jim will answer
>>that it's necessary to have fb_authenticate_user, but for fb2 this is
>>unreal suggestion).
>>
>>3. Do we let user have infinite number of coteries or limit it with some
>>reasonable thing? Answer is not very simple, if we want to let user
>>modify his coteries himself. If limited, should it be configurable or
>>hardcoded?
>>
>>
>>
>>
>Hi Alex,
>
>
>I prefer this:
>
>192.168.3.0/24
>
>or
>
>192.168.3.123
>
>for a full ip address
>
>How cotteries should be managed ?
>It will be per database ? per server ?
>The data should reside insede the database ? or should have some config file (cotteries.conf) ? Or will be just a field in the RDB$USERS ? or even a tbale RDB$COTTERIES that has a FK to RDB$USERS ?
>
>if it will be stored inside the database in system tables, users could update it as wish using simple SQL no need to an API call.
>
>see you !
>
>
>
>
>