| Subject | Re: [firebird-support] Security patches - How? |
|---|---|
| Author | Helen Borrie |
| Post date | 2007-02-06T23:11:43Z |
At 05:16 AM 7/02/2007, you wrote:
the life of Firebird releases) then there would probably be a patch
and it would certainly require taking down the Firebird server in
order to apply it.
for a patch to an executable or a shared library; or a few more
seconds for a reinstallation. And then, if you were doing your job
properly, you would have to allow whatever time it takes to test that
everything is working.
Since this is client/server software, it might take you a longer time
to update all your users' machines with a new version of the client
library if you were running a 2-tier system. For a typical n-tier
setup, such as a web-based application, on some platforms, e.g.
Windows, you would have to reboot the host machine as well.
If a vulnerability has compromised your data, of course it is a whole
different ballgame. Fixing the software doesn't undo damage to your data.
server can use and benefit from it.
We don't run benchmark tests at all with those vendors, if that
answers your question.
A group in Russia has a bench on which it periodically compares
various benchmarks between different versions of Firebird and
Borland's InterBase. It is an independent group that is not paid for
the reports it publishes. I believe that group provides test benches
as a commercial service offering.
Inter-vendor benchmarks are notoriously unreliable since they are
usually set up deliberately with optimal configuration for the
product owned by the vendor who pays for the test and the
worst-possible configuration for all of its competitors.
The only valid benchmark is testing the products on YOUR hardware
with YOUR data and YOUR applications.
./heLen
>Dear Firebird experts,In release notes.
>I am currently evaluating the different available DB-Systems and did
>not find exact information about
>- where security updates and issues about firebird are anounced
>- how they are fixed (means: will there be a patch or a "new" versionIn a sub-release, i.e. a new version to download and re-install.
>to download)
>- how to apply security fixes? (means: Can we simply exchange theIf there was an urgent security fix (which has never been the case in
>install-dir with the new fixed version or is a dump/re-import
>necessary)..
the life of Firebird releases) then there would probably be a patch
and it would certainly require taking down the Firebird server in
order to apply it.
>how quick will that update be done on a "hot" webserverYes. And it would take as long as it takes. Probably a few seconds
>installation? The Web-DB has definitely to be down during update/patch
>time, right?
for a patch to an executable or a shared library; or a few more
seconds for a reinstallation. And then, if you were doing your job
properly, you would have to allow whatever time it takes to test that
everything is working.
Since this is client/server software, it might take you a longer time
to update all your users' machines with a new version of the client
library if you were running a 2-tier system. For a typical n-tier
setup, such as a web-based application, on some platforms, e.g.
Windows, you would have to reboot the host machine as well.
If a vulnerability has compromised your data, of course it is a whole
different ballgame. Fixing the software doesn't undo damage to your data.
>And....are there any performance benchmarks forNo. The Firebird Superserver model doesn't support SMP. The Classic
>multi-prozessor-systems comparing Firebird with e.g. MySql or Postgres ?
server can use and benefit from it.
We don't run benchmark tests at all with those vendors, if that
answers your question.
A group in Russia has a bench on which it periodically compares
various benchmarks between different versions of Firebird and
Borland's InterBase. It is an independent group that is not paid for
the reports it publishes. I believe that group provides test benches
as a commercial service offering.
Inter-vendor benchmarks are notoriously unreliable since they are
usually set up deliberately with optimal configuration for the
product owned by the vendor who pays for the test and the
worst-possible configuration for all of its competitors.
The only valid benchmark is testing the products on YOUR hardware
with YOUR data and YOUR applications.
./heLen