Subject Re: [firebird-support] Connection Idea
Author Helen Borrie
At 02:17 PM 21/04/2005 -0700, you wrote:

>What is the feasiblity of this?
>I *CONSTANTLY* have to fight with clients to get the connection strings
>to work. Its one of the biggest time consumers for my support. I am
>trying to think of a way to make it more universal. Is this approach
>possible? or something like it maybe?
>1. In aliases.conf I always install an alias with my product name
>pointing to the database on the server.
> example: myProduct = c:\db\data.fdb
>2. Now the tricky part, for me at least. Can we do something that
>talks to their DNS server and says to add an entry called
>"MyProduct_FB_server" or somethign that will definatlly not be in their
>already and give it the IP address of the server we just installed.
>3. Now we can access the DB at MyProduct_FB_Server:myProduct" no matter
>who the client is. The client apps can always look for that connection,
>be default at least.
>Is this something possible or are their too many hoops to jump through.
> I would like there to be some simple command i could run that was like
>RegisterDNSName('MyProduct_FB_server', and be done from there.
>Am I going in the right direction or am i just way off?

In the right direction - except that messing about with the network
configuration is not something that the database engine will do for you.

The solution is remarkably simple - just as simple and sensible as your
decision to get acquainted with aliases.conf to avoid deployment
complexity. Map your custom server's name to its static IP address in the
server's Hosts file. To use your example,

111.222.333.1 MyProduct_FB_Server # add a comment if you like

Your RegisterDNSName('MyProduct_FB_server', would have to be
a script you would write yourself, allowing the network admin to input the
static IP address to be applied to the host.

Don't overlook the security risk of deploying a package with this degree of
streamlining, though. If the host is configured to be accessible by the
WWW, your approach would risk giving unauthorised access to one of your
sites by an evil user with access to your product on another site, who
knows (or can guess or brute-force) the static IP address of the host. In
firebird.conf, you can avoid this risk by binding incoming connections to a
single gateway that is accessible to bona fide WAN users but not visible to
unauthorised users. Look up RemoteBindAddress for this.