Key: CORE-3527
Type: New Feature
Status: Open
Priority: Minor
Assignee: Alexander Peshkov
Reporter: JimBeam
Votes: 2
Watchers: 5
Firebird Core

Advertise list of databases via aliases.conf

Created: 17/Jun/11 03:57 AM   Updated: 17/Jun/11 03:23 PM
Component/s: Engine
Affects Version/s: 3.0 Alpha 1
Fix Version/s: None

Environment: All


Description
As discussed in http://sourceforge.net/mailarchive/message.php?msg_id=27353311

What: keep track of databases (via configuration in aliases.conf) and present/advertise that in a system view/table and/or via services API.
(Discussion on security implications led to a preference for the services API)
If enabled, this allows users to query which databases are present on a server.

========================================================================
Why: developers/end users can more easily choose and connect to a database on a Firebird server, even point and click. See pros below.

========================================================================
Pros:
- Ease of use for end users:
-- Their applications can be modified to provide point and click GUI connection options: avoids typos, extra documentation, looking up aliases, and bothering IT staff.

- Ease of use for developers:
-- In-house apps that keep track of databases can be converted
-- Drivers such as Firebird.Net driver can add schema support (for databases), e.g. for support of the SharpDevelop database plugin and better support for Visual Studio.
-- As mentioned above, developers can use adapted drivers in GUI/RAD environments to connect to a database by visually selecting it. Avoids typos, extra documentation, and looking up aliases.

Cons:
- Increased code complexity/maintenance
- Security issue: leakage of information on databases present on system.
- Security issue: denial of service/brute force attacks by brute-forcing database aliases have increased impact (due to more code executing).

Remediation for both security issues: disable advertising by default; admin has to edit aliases.conf to show a database.
Also, restrict access to people with SYSDBA.

========================================================================
Ideas for implementation:

Must have for this feature to be usable:

1.1 Aliases.conf extends notation from e.g.
    dummy = c:\data\dummy.fdb
    to something like
    dummy = c:\data\dummy.fdb;advertise=yes

1.2 System view/table like RDB$DATABASES and/or services API function that returns the list of alias names. This allows devs/end users to query this to get an overview of databases on the server.

1.3 Determine what should happen if a DROP DATABASE command is committed for one of the advertised dbs.

Nice to have:
2.1 Not only advertise database name from aliases, but also things the engine reads on connection (e.g. page size, charset,...), possibly file location (only accessible to server SYSDBA for security)

========================================================================
Note: Thomas Steinmaurer mentioned that in InterBase 7.5 and up, this functionality is provided by a table called DB_ALIAS in the security database; see e.g. http://www.gvsnet.nl/ibconsole/using_aliases_in_IBConsole.pdf


Alexander Peshkov added a comment - 17/Jun/11 07:15 AM
Before adding such a feature request it would be a very good idea to discuss it in the fb-devel list.

JimBeam added a comment - 17/Jun/11 07:47 AM
Done on 13 April of this year, see thread 'Feature request: database registration via aliases.conf, databases system table support', as mentioned via http://sourceforge.net/mailarchive/message.php?msg_id=27353311

Alexander Peshkov added a comment - 17/Jun/11 08:12 AM - edited
In that case let me note that in that discussion it was decided to:
- use the services API,
- not do anything when DROP DATABASE is done,
- never show anything except the alias name and a possible description of it.


Lester Caine added a comment - 17/Jun/11 08:29 AM
While it is probably taken as read ....
This would be a facility that needed switching on in firebird.conf and would be off by default!

If someone wants to use it then, like some of the other questionable functions, they need to be well aware why they are doing it.
Personally I can't see any reason for publishing a list of available databases at THAT level - Flamerobin and Eclipse provide just the level of database management I need, and where I have a range of separate databases ( the address information archive for example ) then managing them from within the application with my own table seems much more sensible?

One nice thing about Firebird is the fact that it is quiet in its responses to random attacks.

Alexander Peshkov added a comment - 17/Jun/11 09:00 AM
Lester, I see switching it on/off in firebird.conf and aliases.conf in the following way.

We already have in trunk per-database configuration options in aliases.conf, which may override default from firebird.conf. Same schema for advertise. In firebird.conf:
# Advertise=0
by default, but people can turn it on globally. And in each alias one can control specific behavior for given alias. For example, even with
Advertise=1
in firebird.conf, it's possible to have in aliases.conf:
TopSecret = /path/to/very/important/database.fdb
{
   Advertise=0
}

This can even become a minor security benefit - we show some aliases, but nobody knows about really important things.
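
Added example, not part of the comment above and not Firebird code: a Python sketch of the precedence rule described there, where a global Advertise default from firebird.conf is overridden per alias in aliases.conf, and only alias names (never paths) are returned, as decided in the earlier comment. The brace-block syntax and the Advertise key come from the proposal in the comment; the function names and sample file contents are constructed for illustration.

```python
import re

# Constructed sample inputs that follow the syntax sketched in the comment.
FIREBIRD_CONF = "# Advertise=0\nAdvertise=1\n"
ALIASES_CONF = """\
dummy = c:\\data\\dummy.fdb
TopSecret = /path/to/very/important/database.fdb
{
   Advertise=0
}
"""

_TRUE = {"1", "yes", "true"}
_KV = re.compile(r"^([^=\s]+)\s*=\s*(.*)$")

def _lines(text):
    """Yield non-empty lines with '#' comments stripped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            yield line

def global_advertise(conf_text):
    """Server-wide default; absent or commented out means off (fail closed)."""
    value = "0"
    for line in _lines(conf_text):
        m = _KV.match(line)
        if m and m.group(1).lower() == "advertise":
            value = m.group(2)
    return value.lower() in _TRUE

def advertised_aliases(aliases_text, default):
    """Return only the alias names whose effective Advertise setting is on."""
    flags, current, in_block = {}, None, False
    for line in _lines(aliases_text):
        if line in ("{", "}"):
            in_block = line == "{"
            continue
        m = _KV.match(line)
        if not m:
            continue
        key, val = m.groups()
        if not in_block:
            # New alias line: inherit the global default until overridden.
            current, flags[key] = key, default
        elif current is not None and key.lower() == "advertise":
            flags[current] = val.lower() in _TRUE  # unknown value means off
    return sorted(name for name, on in flags.items() if on)
```
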

Sean Leyne added a comment - 17/Jun/11 03:23 PM
Edited for readability