Advertise list of databases via aliases.conf [CORE3527] #3884

Open
firebird-automations opened this issue Jun 17, 2011 · 8 comments

Comments

@firebird-automations

Submitted by: JimBeam (jimbeam)

Votes: 2

As discussed in http://sourceforge.net/mailarchive/message.php?msg_id=27353311

What: keep track of databases (via configuration in aliases.conf) and present/advertise that in a system view/table and/or via services API.
(Discussion on security implications led to a preference for the services API)
If enabled, this allows users to query which databases are present on a server.

========================================================================
Why: developers/end users can more easily choose and connect to a database on a Firebird server, even point and click. See pros below.

========================================================================
Pros:
- Ease of use for end users:
-- Their applications can be modified to provide point and click GUI connection options: avoids typos, extra documentation, looking up aliases, and bothering IT staff.

- Ease of use for developers:
-- In house apps that keep track of databases can be converted
-- Drivers such as http://Firebird.Net driver can add schema support (for databases), e.g. for support of the SharpDevelop database plugin and better support for Visual Studio.
-- As mentioned above, developers can use adapted drivers in GUI/RAD environments to connect to a database by visually selecting it. Avoids typos, extra documentation, and looking up aliases.

Cons:
- Increased code complexity/maintenance
- Security issue: leakage of information on databases present on system.
- Security issue: denial of service/brute force attacks by brute-forcing database aliases have increased impact (due to more code executing).

Remediation for both security issues: disable advertising by default; admin has to edit aliases.conf to show a database.
Also, restrict access to people with SYSDBA.

========================================================================
Ideas for implementation:

Must have for this feature to be usable:

1.1 Aliases.conf extends notation from e.g.
dummy = c:\data\dummy.fdb
to something like
dummy = c:\data\dummy.fdb;advertise=yes

1.2 System view/table like RDB$DATABASES and/or services API function that returns the list of alias names. This allows devs/end users to query this to get an overview of databases on the server.

1.3 Determine what should happen if a DROP DATABASE command is committed for one of the advertised dbs.

Nice to have:
2.1 Not only advertise database name from aliases, but also things the engine reads on connection (e.g. page size, charset,...), possibly file location (only accessible to server SYSDBA for security)

========================================================================
Note: Thomas Steinmaurer mentioned that in InterBase 7.5 and up, this functionality is provided by a table called DB_ALIAS in the security database; see e.g. http://www.gvsnet.nl/ibconsole/using_aliases_in_IBConsole.pdf

@firebird-automations

Commented by: @AlexPeshkoff

Before adding such a feature request it would be very good idea to discuss it in fb-devel list.

@firebird-automations

Commented by: JimBeam (jimbeam)

Done on 13 April of this year, see thread 'Feature request: database registration via aliases.conf, databases system table support', as mentioned via http://sourceforge.net/mailarchive/message.php?msg_id=27353311

@firebird-automations

Commented by: @AlexPeshkoff

In that case let me notice that in that discussion it was decided to:
- use services API,
- do not do something when DROP DATABASE is done,
- never show something except alias name and possible description of it.

@firebird-automations

Modified by: @AlexPeshkoff

assignee: Alexander Peshkov [ alexpeshkoff ]

@firebird-automations

Commented by: Lester Caine (lsces)

While it is probably taken as read ....
This would be a facility that needed switching on in firebird.conf and would be off by default!

If someone wants to use it then, like some of the other questionable functions, they need to be well aware why they are doing it.
Personally I can't see any reason for publishing a list of available databases at THAT level - Flamerobin and Eclipse provide just the level of database management I need, and where I have a range of separate databases ( the address information archive for example ) then managing them from within the application with my own table seems much more sensible?

One nice thing about Firebird is the fact that it is quiet in its responses to random attacks.

@firebird-automations

Commented by: @AlexPeshkoff

Lester, I see switching on/off it in firebird.conf and aliases.conf in the following way.

We already have in trunk per-database configuration options in aliases.conf, which may override the default from firebird.conf. Same scheme for advertise. In firebird.conf:
# Advertise=0
by default, but people can turn it on globally. And in each alias one can control the specific behavior for that alias. For example, even with
Advertise=1
in firebird.conf, it's possible to have in aliases.conf:
TopSecret = /path/to/very/important/database.fdb
{
Advertise=0
}

This can even become a minor security benefit - we show some aliases, but nobody knows about really important things.
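The override scheme described in this comment, together with the per-alias advertise flag from item 1.1 of the request, as an added Python example (not Firebird's own code): it reads a constructed firebird.conf default and a constructed aliases.conf with per-alias `{ ... }` blocks and returns only the alias names that may be advertised, never file paths, matching the "alias name only" decision above. The exact block syntax, `#` comments and the off-when-unset default are assumptions.

```python
import re
# Added example, not Firebird's code; assumes "Key = value" lines, '#' comments
# and an optional "{ ... }" override block after an alias line.
KEY_VALUE = re.compile(r"^([^=\s]+)\s*=\s*(.+?)$")
TRUE_WORDS = {"1", "yes", "true", "on"}

def _lines(text):  # non-empty lines with '#' comments stripped
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            yield line

def parse_firebird_conf(text):  # global settings, keys lower-cased
    return {m.group(1).lower(): m.group(2) for m in map(KEY_VALUE.match, _lines(text)) if m}

def parse_aliases_conf(text):  # {alias: {"path", "overrides"}} in file order
    entries, current, in_block = {}, None, False
    for line in _lines(text):
        if line in ("{", "}"):
            in_block = line == "{"
            continue
        m = KEY_VALUE.match(line)
        if not m or (in_block and current is None):
            raise ValueError("bad line: " + line)
        key, value = m.groups()
        if in_block:
            entries[current]["overrides"][key.lower()] = value
        else:
            current = key
            entries[current] = {"path": value, "overrides": {}}
    return entries

def advertised_aliases(aliases_conf, firebird_conf):
    # Per-alias Advertise beats the global one; unset means off. Names only, never paths.
    default = parse_firebird_conf(firebird_conf).get("advertise", "0")
    return [alias for alias, e in parse_aliases_conf(aliases_conf).items()
            if e["overrides"].get("advertise", default).lower() in TRUE_WORDS]

# Constructed sample: the global default applies to employee, the others override it
ALIASES_CONF = r"""
employee = /srv/fb/employee.fdb
dummy = c:\data\dummy.fdb
{
    Advertise = 1
}
TopSecret = /path/to/very/important/database.fdb
{
    Advertise = 0
}
"""
```

With the commented-out `# Advertise=0` in firebird.conf only `dummy` is listed; with `Advertise = 1` the list becomes `employee` and `dummy`, and `TopSecret` stays hidden either way.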

@firebird-automations

Commented by: Sean Leyne (seanleyne)

Edited for readability

@firebird-automations

Modified by: Sean Leyne (seanleyne)

description: reformatted (line wrapping only); the current text is the issue body above.
