Vlad Horsun wrote:

>>All user need is to retrieve the attachment_id via isc_database_info() and
>>pass it to the engine which then signals the lock.
>>
>>
>
> May be transaction_id is better than attachment_id ?
>
>

No, I think a non-forgeable token is necessary to avoid security issues.

>And how about possible vulnerability when some bad boy will call isc_cancel_xxx
>for all numbers from 1 to 1000000 ? I think - only i (and possible SYSDBA) can
>cancel my running request.
>
>

Exactly. 1 to 1000000 may be feaible. 1 to 2**128 is going to take longer.

>PS BTW, if we'll have ability to cancel running request - we can implement
> timeouts (attacment\transaction\request level) directly in client library
>
>
>

Exactly.

--

Jim Starkey
Netfrastructure, Inc.
978 526-1376