| Subject | Re: [IBPP-DISCUSS] [firebird-support] FB Embedded on Linux without need for roo |
|---|---|
| Author | Micha Feigin |
| Post date | 2006-07-18T08:55:34Z |
On Mon, 17 Jul 2006 13:35:33 -0000
"Milan Babuskov" <milanb@...> wrote:
debian uses the RootDirectory/run directory while the official binary uses
RootDirectory
whatever reason, having a password file won't stop him since he need read
access to the database file anyway with the embeded server. The password file
is only useful for a connection that doesn't give the user any direct access to
the file. The only way authentication is useful for accessing a file directly
is when you encrypt the file in some way using that information.
"Milan Babuskov" <milanb@...> wrote:
> Micha Feigin <michf@...> wrote:It's the debian package and after downloading the official binaries I saw that
> > It doesn't. If you look at the following dump from strace, the
> > program tries to stat run/isc_lock1.litshi and then open it, but
> > since the directory run doesn't exist
>
> Are you sure you're using the official binaries from Firebird website,
> and not the ones from Debian package?
>
debian uses the RootDirectory/run directory while the official binary uses
RootDirectory
> > adding the user to the firebird group instead of using the suppliedThat worked, thanks
> > instructions), then it uses the global run directory
> > (/usr/lib/firebird2/run
>
> Official package does NOT install in /usr/lib/firebird2. You are using
> a custom binary with custom modifications from Debian maintainer of
> the package, and there is no wonder that things don't work as advertised.
>
> Please, download the .tar.gz package as explained in my HOWTO and use
> files from it. It will surely work. It won't touch your existing
> installation in any way.
>
> > With the embeded version authentication is useless since you canI am suggesting that if a user wanted to break into the database file for
> > point firebird to the current directory and put your own password
> > file there.
>
>
> It doesn't remove the requirement that you still need a password file.
> Are you suggesting that final user using your application would supply
> his own security.fdb ?
whatever reason, having a password file won't stop him since he need read
access to the database file anyway with the embeded server. The password file
is only useful for a connection that doesn't give the user any direct access to
the file. The only way authentication is useful for accessing a file directly
is when you encrypt the file in some way using that information.
>
> > I didn't know, I will try and look at it, although I am still tying
> > to find a programmers guild it firebird. On the other hand, ibpp
> > won't let you create a new database object without at least a
> > username so I don't think it's useful
> > from the programmers side. I'll be happy to learn differently.
>
> You have predefined SYSDBA/masterkey username password, and if you
> ship default security.fdb with your app, you don't have anything to
> worry about - you can even create db.
>
> </M>
>
>
>
>
>
>
> +++++++++++++++++++++++++++++++++++++++++++
> This Mail Was Scanned By Mail-seCure System
> at the Tel-Aviv University CC.