| Subject | RE: [firebird-support] Tcp-wrapper support |
|---|---|
| Author | Rick Debay |
| Post date | 2007-02-22T16:08:01Z |
I would like to manage all network connections through a standard
generic interface, instead of having to use Firebird's (or whatever
other application needs managing). Libwrap (the tcp-wrapper library) is
robust and easy to manage. I don't want Firebird to have to worry about
what connections to accept or drop, that's the responsibility of the
operating system's networking stack.
For example, I can allow connections from somedomain.com, and libwrab
will perform multiple DNS lookups to prevent spoofing. AFAIK Firebird
doesn't have that capability.
Yes, yes, yes, and yes. In our non-homogeneous environment, I can't
restrict users to secure connections only (SSL, etc) but I can throw a
big speed-bump in front of port 3050 by locking it down by configuring
tcp-wrappers.
-----Original Message-----
From: firebird-support@yahoogroups.com
[mailto:firebird-support@yahoogroups.com] On Behalf Of Helen Borrie
Sent: Wednesday, February 21, 2007 5:48 PM
To: firebird-support@yahoogroups.com
Subject: RE: [firebird-support] Tcp-wrapper support
At 09:15 AM 22/02/2007, you wrote:
Reading about tcp wrapper (assuming that's what Rick means by
"tcp-wrapper"), it seems to do pretty much a combination of what you can
configure the Firebird server to do for itself and what you can
configure the tcp service to allow or deny.
It was a rather vague question: what do you want Firebird to do that
it's not doing already? Log requests? Control all accesses to the
server and auxiliary ports? Override keepalive? Something else?
./heLen
------------------------ Yahoo! Groups Sponsor --------------------~-->
Check out the new improvements in Yahoo! Groups email.
http://us.click.yahoo.com/4It09A/fOaOAA/yQLSAA/67folB/TM
--------------------------------------------------------------------~->
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Visit http://www.firebirdsql.org and click the Resources item on the
main (top) menu. Try Knowledgebase and FAQ links !
Also search the knowledgebases at http://www.ibphoenix.com
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Yahoo! Groups - Join or create groups, clubs, forums & communities.
Links
Disclaimer: This message (including attachments) is confidential and may be privileged. If you have received it by mistake please notify the sender by return e-mail and delete this message from your system. Any unauthorized use or dissemination of this message in whole or in part is strictly prohibited. Please note that e-mails are susceptible to change. RxStrategies, Inc. shall not be liable for the improper or incomplete transmission of the information contained in this communication or for any delay in its receipt or damage to your system. RxStrategies, Inc. does not guarantee that the integrity of this communication has been maintained nor that this communication is free from viruses, interceptions or interference.
generic interface, instead of having to use Firebird's (or whatever
other application needs managing). Libwrap (the tcp-wrapper library) is
robust and easy to manage. I don't want Firebird to have to worry about
what connections to accept or drop, that's the responsibility of the
operating system's networking stack.
For example, I can allow connections from somedomain.com, and libwrab
will perform multiple DNS lookups to prevent spoofing. AFAIK Firebird
doesn't have that capability.
> Log requests? Control all accesses to the server and auxiliary ports?Override keepalive? Something else?
Yes, yes, yes, and yes. In our non-homogeneous environment, I can't
restrict users to secure connections only (SSL, etc) but I can throw a
big speed-bump in front of port 3050 by locking it down by configuring
tcp-wrappers.
-----Original Message-----
From: firebird-support@yahoogroups.com
[mailto:firebird-support@yahoogroups.com] On Behalf Of Helen Borrie
Sent: Wednesday, February 21, 2007 5:48 PM
To: firebird-support@yahoogroups.com
Subject: RE: [firebird-support] Tcp-wrapper support
At 09:15 AM 22/02/2007, you wrote:
>Rick,Even Superserver, which manages its own attachment requests?
>
> > > Is Firebird compiled with tcp-wrapper support? If not, are there
> > plans
> > > for it to be?
>
>My reading on TCP Wrappers suggests that Firebird can already support
>TCP Wrappers since this functionality can be added via configuration
>changes to the inetd and xinetd services.
>
>The configuration changes ensure that TCP Wrappers are applied to all
>server services, including Firebird.
Reading about tcp wrapper (assuming that's what Rick means by
"tcp-wrapper"), it seems to do pretty much a combination of what you can
configure the Firebird server to do for itself and what you can
configure the tcp service to allow or deny.
It was a rather vague question: what do you want Firebird to do that
it's not doing already? Log requests? Control all accesses to the
server and auxiliary ports? Override keepalive? Something else?
./heLen
------------------------ Yahoo! Groups Sponsor --------------------~-->
Check out the new improvements in Yahoo! Groups email.
http://us.click.yahoo.com/4It09A/fOaOAA/yQLSAA/67folB/TM
--------------------------------------------------------------------~->
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Visit http://www.firebirdsql.org and click the Resources item on the
main (top) menu. Try Knowledgebase and FAQ links !
Also search the knowledgebases at http://www.ibphoenix.com
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Yahoo! Groups - Join or create groups, clubs, forums & communities.
Links
Disclaimer: This message (including attachments) is confidential and may be privileged. If you have received it by mistake please notify the sender by return e-mail and delete this message from your system. Any unauthorized use or dissemination of this message in whole or in part is strictly prohibited. Please note that e-mails are susceptible to change. RxStrategies, Inc. shall not be liable for the improper or incomplete transmission of the information contained in this communication or for any delay in its receipt or damage to your system. RxStrategies, Inc. does not guarantee that the integrity of this communication has been maintained nor that this communication is free from viruses, interceptions or interference.