Subject Re: aliases.conf API?
Author Adam
> > ExternalFileAccess = Restrict C:\Program Files\Firebird\Firebird_2_0
> >
> > Then do this:
> >
> > CREATE TABLE aliases
> > external 'c:\program files\firebird\firebird_2_0\aliases.conf'
> > (
> > txt char(1)
> > );
> >
> > 'Select * from aliases' will get you the contents of the aliases file

That is clever. It is also a good lesson to everyone else on why it is
a bad idea to remove all restrictions the location of external tables.
Firebird by default will run as System which means it can open any
file on the hard drive. Firebird at least ships it with a secure setting.

> Sadly, though, when I said Tableau is a client, I meant "Tableau is a
> general purpose horizontal market client" so I can't rally make nay
> assumptions about the server other than requiring it to be 2.0 or
> later...

That doesn't really make sense to me. You say you write client
software making no assumptions about the server, yet in your original
post, you presume that every Firebird database within aliases.conf is
yours to make public and offer a connection to at the decision of a
client computer rather than the DBA. I would check that assumption.

We do have software that parses the aliases.conf, but it requires a
service to be installed on the database server. This service has an
ini file that has the Firebird base path, as well as our applications
base path. Aliases that point to databases outside our base path are
ignored.

It is basically a backup service that makes sure that every database
associated with our products is backed up and (when applicable)
transfered offsite, and is mainly used in our servers for hosted
customers. As soon as a new customer is signed up and their database
is created and an aliases.conf entry created, they will automatically
be added to our backups.

We never actually transfer this list of aliases to a client machine
because we have no need to do so, but we could with about 3 minutes
work create a RemObjects method that did that.

For your customers who want their aliases list to be automatically
discovered by your client, I don't think it is unreasonable for them
to install the 'Tableau Automatic Database Discovery Service' service.
If they don't wish to install this, then they must manually register
the databases they want.

I don't have any objections to Firebird offerring a built in a list
aliases.conf API, providing it is disabled by default. Obscurity is
certainly not security, however it is much harder to break into
something if you don't realise a particular target even exists. For
the majority of people, such a feature has no merit (or you would see
about 50 third party tools filling this gap) and for them, it would be
a potential attack vector with no benefit.

Adam