Subject | FB 3 - Per database configurations (Providers and Security Database vs Legacy Auth) |
---|---|
Author | Alexandre Benson Smith |
Post date | 2016-07-07T04:25:44Z |
Hi !
I am looking at the per-database configuration (FB 3) and have two doubts:
I defined my databases.conf like:
demo_naolocal=c:\bd\demo_naolocal.fdb
{
Providers = Remote,Loopback
}
After that, on the same machine, I tried:
C:\fb3>isql demo_naolocal -user teste -password abc
Statement failed, SQLSTATE = 08001
I/O error during "CreateFile (open)" operation for file "demo_naolocal"
-Error while trying to open file
-O sistema não pode encontrar o arquivo especificado. (Translates to:
The system could not find the specified file)
Use CONNECT or CREATE DATABASE to specify a database
SQL> quit;
C:\fb3>isql localhost/3053:demo_naolocal -user teste -password abc
Statement failed, SQLSTATE = 08001
unavailable database
Use CONNECT or CREATE DATABASE to specify a database
SQL>
I expected the first one to fail and the second to succeed.
On the release notes page 18 I found this:
--------------------------------
Disable embedded connections
If you don't want any type of direct access, you may disable embedded mode (= direct filesystem-level access) altogether by opening firebird.conf and locating the Providers entry. The default (which is probably commented out) is:
#Providers = Remote,Engine12,Loopback
Now, either remove the hash mark and the Engine12 provider (this is the one that makes the embedded connections), or – better – add an uncommented line:
Providers = Remote,Loopback
The Remote provider takes care of remote connections; the Loopback provider is responsible for TCP/IP connections via localhost, as well as (on Windows) WNET/NetBEUI and XNET connections to databases on the local machine. All these connection types require full authentication and have the server process, not the user process, open the database file.
Please notice that you can also set the Providers parameter on a per-database basis. You can set a default in firebird.conf as shown above, and then override it for individual databases in databases.conf like this:
bigbase = C:\Databases\Accounting\Biggus.fdb
{
Providers = Engine12,Loopback
}
--------------------------------
If I change databases.conf to:
demo_naolocal=c:\bd\demo_naolocal.fdb
{
Providers = Remote,Loopback,Engine12
}
I can connect with both alternatives.
C:\fb3>isql demo_naolocal -user teste -password abc
Database: demo_naolocal, User: TESTE
SQL> quit;
C:\fb3>isql localhost/3053:demo_naolocal -user teste -password abc
Database: localhost/3053:demo_naolocal, User: TESTE
SQL> quit;
C:\fb3>
What am I doing wrong?
The second doubt is regarding per-database security vs Legacy User Manager.
I have the following entry in databases.conf:
demo_s2=c:\bd\demo_s2.fdb
{
SecurityDatabase = demo_s2
}
SQL> create user t4 password 't4' using plugin legacy_usermanager;
Statement failed, SQLSTATE = 42S02
add record error
-table PLG$VIEW_USERS is not defined
SQL>
I can create SRP users without a problem. My question is:
Is it possible to have legacy users stored in a database distinct from security3.fdb? If so, do I just need to create the missing view?
SQL> show view plg$view_users;
PLG$USER_NAME (SEC$USER_NAME) VARCHAR(31) CHARACTER SET UNICODE_FSS Not Null
PLG$GROUP_NAME (SEC$USER_NAME) VARCHAR(31) CHARACTER SET UNICODE_FSS Nullable
PLG$UID (PLG$ID) INTEGER Nullable
PLG$GID (PLG$ID) INTEGER Nullable
PLG$PASSWD (PLG$PASSWD) VARCHAR(64) CHARACTER SET OCTETS Not Null
PLG$COMMENT (RDB$DESCRIPTION) BLOB segment 80, subtype TEXT CHARACTER SET UNICODE_FSS Nullable
PLG$FIRST_NAME (SEC$NAME_PART) VARCHAR(32) CHARACTER SET UNICODE_FSS Nullable
PLG$MIDDLE_NAME (SEC$NAME_PART) VARCHAR(32) CHARACTER SET UNICODE_FSS Nullable
PLG$LAST_NAME (SEC$NAME_PART) VARCHAR(32) CHARACTER SET UNICODE_FSS Nullable
View Source:
==== ======
SELECT PLG$USER_NAME, PLG$GROUP_NAME, PLG$UID, PLG$GID, PLG$PASSWD,
PLG$COMMENT, PLG$FIRST_NAME, PLG$MIDDLE_NAME, PLG$LAST_NAME
FROM PLG$USERS
WHERE CURRENT_USER = 'SYSDBA'
OR CURRENT_ROLE = 'RDB$ADMIN'
OR CURRENT_USER = PLG$USERS.PLG$USER_NAME
SQL>
TIA
see you !
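
Added example (not part of the original post and not Firebird project code): a small Python audit of a databases.conf, run here on the two entries from the post. It reports, per alias, the effective Providers list, whether Engine12 is listed (the one difference between the failing and the working configuration above) and any SecurityDatabase override. The function names, the fallback to the firebird.conf default quoted above and the case-insensitive handling of parameter names are assumptions of this example.

```python
# Default Providers value as quoted from the release notes in the post.
DEFAULT_PROVIDERS = ["Remote", "Engine12", "Loopback"]

def parse_databases_conf(text):
    """Return {alias: {"path": str, "settings": {key: value}}}."""
    aliases, current, in_block = {}, None, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        if not line:
            continue
        if line == "{":
            in_block = current is not None   # block belongs to the last alias
        elif line == "}":
            in_block, current = False, None
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if in_block:
                # Assumption: parameter names are matched case-insensitively.
                aliases[current]["settings"][key.lower()] = value
            else:
                current = key
                aliases[current] = {"path": value, "settings": {}}
    return aliases

def audit(text, default_providers=DEFAULT_PROVIDERS):
    """Per alias: effective providers, Engine12 presence, security database."""
    report = {}
    for alias, entry in parse_databases_conf(text).items():
        raw = entry["settings"].get("providers")
        providers = ([p.strip() for p in raw.split(",") if p.strip()]
                     if raw else list(default_providers))
        report[alias] = {
            "path": entry["path"],
            "providers": providers,
            "overrides_default": raw is not None,
            "engine12_listed": "Engine12" in providers,
            "security_database": entry["settings"].get("securitydatabase"),
        }
    return report

# Sample input: the two databases.conf entries shown in the post.
SAMPLE = r"""
demo_naolocal=c:\bd\demo_naolocal.fdb
{
Providers = Remote,Loopback
}
demo_s2=c:\bd\demo_s2.fdb
{
SecurityDatabase = demo_s2
}
"""

if __name__ == "__main__":
    for alias, info in audit(SAMPLE).items():
        print(alias, info)
```

An alias reported with `engine12_listed` set to `False` corresponds to the first configuration in the post, where both isql attempts failed.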