| Subject | Re: [firebird-support] FB 1.52 on Linux with IB Expert database creation |
|---|---|
| Author | Helen Borrie |
| Post date | 2005-09-29T00:18:27Z |
At 03:24 PM 28/09/2005 +0000, you wrote:
not a good choice because it is accessible to all applications. I create a
/home/firebird directory, chown to firebird; create a firebird group for
the firebird user and any local users needing access to databases.
a security point of view, it is not desirable to have databases being
created in "public places".
"default database directory". It has been discussed for Firebird 2,
though, and would be quite handy. I reiterate, in real life, you need to
protect your databases.
I'd also point out that this mode of connecting to a database is available
only to Classic and has its own particular limitations. It is OK for the
database access layer in an n-tier architecture but clients in 2-tier
cannot connect this way. The need to use a full TCP/IP path of either
hostname:/full/host/path or hostname:/aliasname.
are not in the RESTRICT list.
./heLen
>hi,It's better to choose a location whose access can be restricted. Var is
>
>i'm kind of newbie to Firebird, so please don't mock me ^^
>
>i've installed it on a Linux test server, and it runs well with the
>default configuration
>
>i've decided to have the /var/db directory to store the databases
not a good choice because it is accessible to all applications. I create a
/home/firebird directory, chown to firebird; create a firebird group for
the firebird user and any local users needing access to databases.
>when i create a database, i type on isql :In real life, it's not annoying, since one rarely creates databases. From
>CREATE DATABASE '/var/db/xxx.fdb';
>and i alias it on aliases.conf
>but my work mates prefer to use IB Expert Personnal Edition, they
>often forget to enter the full path for the new database, and the new
>database is created on /tmp ...
>
>that's really annoying
a security point of view, it is not desirable to have databases being
created in "public places".
>is there a way to force the database creation on /var/db ?Don't do this. But no, at present there is no way to specify a server-wide
"default database directory". It has been discussed for Firebird 2,
though, and would be quite handy. I reiterate, in real life, you need to
protect your databases.
I'd also point out that this mode of connecting to a database is available
only to Classic and has its own particular limitations. It is OK for the
database access layer in an n-tier architecture but clients in 2-tier
cannot connect this way. The need to use a full TCP/IP path of either
hostname:/full/host/path or hostname:/aliasname.
>i've checked the manuals, but i didn't found what i was looking forCorrect. It also prevents you from creating databases in directories that
>the DatabaseAccess directive seems only to restrict access on well
>placed databases, not to force creation on a certain directory
are not in the RESTRICT list.
>i've also tried to change the RootDirectory to /var/db but withErk!!
>disastrous consequences you can imagine ...
./heLen