Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remote shadows on NT-based systems [CORE1038] #1455

Closed
firebird-automations opened this issue Dec 3, 2006 · 11 comments
Closed

Remote shadows on NT-based systems [CORE1038] #1455

firebird-automations opened this issue Dec 3, 2006 · 11 comments

Comments

@firebird-automations
Copy link
Collaborator

Submitted by: m_Th (m_th)

Assigned to: @samofatov

Relax a bit the parsing engine in order to allow creating remote shadows on Windows LAN ie Create shadow 1 '\\<Server>\<Share>';

Commits: 363cabb 0070f23

@firebird-automations
Copy link
Collaborator Author

Commented by: Mark Jones (mjnz)

The company I am doing some work for at the moment is also interested in doing this. I have done some research and a small change that allows this to work but I came across some additional security issues.

Firstly I see that there is talk about changing the RemoteFileOpenAbility flag in some other threads:
http://sourceforge.net/mailarchive/forum.php?thread_name=46D7F36B.5080005%40xvision.it&forum_name=firebird-devel
http://sourceforge.net/mailarchive/message.php?msg_name=45B883EA.4060301%40insi.yaroslavl.ru

But this flag only current works for NFS shares, and furthermore it has no effect if NO_NFS is defined in the code - which is defined for WIN_NT, FREEBSD, NETBSD, VMS

I am unsure if this RemoteFileOpenAbility change is on anybody's todo list at this point. (if not I would probably be capable of doing it)
If this change was to be done then it should inherently allow shadow files to be able to be placed on remote drives (and so would other types of files like DB files)
This change might have to be for embedded and super server only? Unsure if it would be safe for classic?

But there are some security problems under windows...
Since the fbserver processing is running as a service under the LocalSystem (SYSTEM) account it cannot make a connection through to the network share as it fails with username/password error. Changing the firebird service to run as a different user and giving that user r/w permissions for the remote share - and it all works nicely.
But I am thinking that a another possible solution would be to allow the username/password to be embedded into the share name e.g. user:password@\\server\share\shadowfile and the server can make the connection to the share using the provided credentials.
It has been many years since I have used nfs so unsure if it will suffer a similar problem (but I kind of doubt it)

@firebird-automations
Copy link
Collaborator Author

Modified by: @dyemanov

assignee: Dmitry Yemanov [ dimitr ]

@firebird-automations
Copy link
Collaborator Author

Modified by: @pcisar

Workflow: jira [ 11372 ] => Firebird [ 15408 ]

@firebird-automations
Copy link
Collaborator Author

Modified by: @dyemanov

status: Open [ 1 ] => Open [ 1 ]

Target: 2.5.0 [ 10221 ]

Planning Status: Considered for inclusion

Implementation: [Easy]

@firebird-automations
Copy link
Collaborator Author

Modified by: @dyemanov

Fix Version: 2.5 Beta 1 [ 10251 ]

@firebird-automations
Copy link
Collaborator Author

Modified by: @dyemanov

Fix Version: 3.0.0 [ 10048 ]

Fix Version: 2.5 Beta 1 [ 10251 ] =>

@firebird-automations
Copy link
Collaborator Author

Modified by: @samofatov

assignee: Dmitry Yemanov [ dimitr ] => Nickolay Samofatov [ skidder ]

status: Open [ 1 ] => Resolved [ 5 ]

resolution: Fixed [ 1 ]

Fix Version: 2.5.0 [ 10221 ]

Fix Version: 3.0.0 [ 10048 ] =>

@firebird-automations
Copy link
Collaborator Author

Modified by: @dyemanov

Fix Version: 2.5 RC1 [ 10362 ]

Version: 2.0.0 [ 10091 ] =>

Fix Version: 2.5.0 [ 10221 ] =>

@firebird-automations
Copy link
Collaborator Author

Modified by: @pcisar

status: Resolved [ 5 ] => Closed [ 6 ]

@firebird-automations
Copy link
Collaborator Author

Modified by: @pavel-zotov

QA Status: No test

@firebird-automations
Copy link
Collaborator Author

Modified by: @pavel-zotov

status: Closed [ 6 ] => Closed [ 6 ]

QA Status: No test => Cannot be tested

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

1 participant