Subject | Re: [firebird-support] 2nd try: Security on Linux |
---|---|
Author | Helen Borrie |
Post date | 2004-02-18T02:26:43Z |
At 07:32 PM 17/02/2004 -0600, you wrote:
>Hi,
>
>I was wondering about how to secure access to the Linux server on which
>the firebird server is running on.
>
>According to the documentation I need to add the list of hosts I allow
>to access the database server to /etc/hosts.equiv but doesn't it then
>allow anyone from that remote host to connect to the Linux server? If
>I want to allow only certain users to connect only to the database
>service but not to any other service, how would I handle this? Can I
>use /etc/hosts.allow and hosts.deny? If I can, what is the service
>name I should use? Any other security recommendations? A pointer to a
>document would be fine.

Here are a few paragraphs from my Linux Administrator's Guide:

Every host on an IP-based network has at least one IP address. In
addition, every Linux-based host has many individual processes
running. Each process has the potential to be a network client, a network
server, or both. Obviously, if a packet's destination were identified with
the IP address alone, the operating system would have no way of knowing to
which process the packet's contents should be delivered.

To solve this problem, TCP/IP adds a component identifying a TCP (or UDP)
port. Every connection from one host to another has a source port and a
destination port. Each port is labeled with an integer between 0 and 65535.

In order to identify every unique connection possible between two hosts,
the operating system keeps track of four pieces of information: the
source IP address, the destination IP address, the source port number and
the destination port number. The combination of these four values is
guaranteed to be unique for all host-to-host connections...

A host initiating a connection specifies the destination IP address and
port number. Obviously, the source IP address is already known. But the
source port number, the value that will make the connection unique, is
assigned by the source operating system....
...

and so on. The default port for the Firebird service is 3050 for both
source and destination. You can find the details for clients in the
release notes, under the topic "Configuring the Firebird port
service". Your installation should have configured the source port for you
in /etc/init.d/firebird.

Seems to me you need to ask this question in a Linux server admin forum,
not a database forum. It would be highly useful if you would write a
how-to for Firebird users, once you get the nitty-gritty on it...

/heLen
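
The four-value connection identity described in the message above, observed on live loopback sockets. This is an added example, not part of the original post; the function name `connection_tuples` and the throwaway listener on an OS-chosen loopback port are assumptions made for the demonstration.

```python
import socket


def connection_tuples(n_clients=2):
    """Open n_clients simultaneous TCP connections to one loopback listener.

    Returns one (src_ip, src_port, dst_ip, dst_port) tuple per connection,
    read from the client socket and cross-checked against the server's view.
    """
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind(("127.0.0.1", 0))  # port 0: the OS picks a free listening port
    server.listen(n_clients)
    dst_ip, dst_port = server.getsockname()

    clients, accepted, tuples = [], [], []
    try:
        for _ in range(n_clients):
            # The client names only the destination; it never chooses a source port.
            client = socket.create_connection((dst_ip, dst_port))
            clients.append(client)
            conn, peer = server.accept()
            accepted.append(conn)
            src_ip, src_port = client.getsockname()
            # The server sees the same source address the client's OS assigned.
            if peer != (src_ip, src_port):
                raise RuntimeError("client and server disagree on source address")
            tuples.append((src_ip, src_port, dst_ip, dst_port))
    finally:
        # Connections stay open until here, so all tuples coexist at once.
        for sock in clients + accepted + [server]:
            sock.close()
    return tuples


if __name__ == "__main__":
    for t in connection_tuples(3):
        print("src %s:%d -> dst %s:%d" % t)
```

Every connection shares the same source IP, destination IP and destination port, so the OS-assigned source port is the only value that differs between them. A host-based access rule therefore has to key on the source address and the destination port, since the source port is not known in advance.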