Subject embedded firebird on Mac/posix without read-write security database
Author Hamish Moffatt
We're embedding Firebird in our application on Mac OSX (both 2.1.x and
2.5.x at different times). But we have trouble with needing write
permission on the security2.fdb security database.

We ship the embedded Firebird, including security2.fdb, inside our
application bundle. We've been able to give all of the application users
read/write access to the included security2.fdb in the past, but this is
increasingly tough with the OSX sandbox, stricter signing of application
resources etc.

If we connect without a username at all, we can manipulate data in our
application database but can't use any DDL; it fails with permission
errors like

SQL> drop table g_class;
Statement failed, SQLSTATE = 42000
unsuccessful metadata update
-ERASE RDB$RELATION_CONSTRAINTS failed
-no permission for control access to TABLE G_CLASS
-<Missing arg #1 - possibly status vector overflow>


What is the best solution for this?

In the archives of this list I found mention of the compile-time
EMBEDDED define which nobbles the security database, but this is meant
to be for the Windows embedded build rather than posix. I didn't try
compiling with this yet.

I could make a read-write copy of security2.fdb somewhere. The security
database location is configurable at compile time, but in the OSX
sandbox environment you don't have any known writable location which
could be hardcoded. So I'd have to hack the embedded server to make that
location configurable at runtime.

Since it's embedded and only used by our application, I absolutely do
not care about database security. So disabling it seems the best bet
rather than having to somehow make a writable security database.


Thanks,

Hamish