Firebird security (in Russian) at ansoft'2008 conference
TRANSCRIPT
Firebird SQL database Security (in Russian)
Firebird Linux.
Firebird
(Firebird Foundation) peshkoff at mail.ru
Firebird Linux
- Firebird Unix-
Firebird
API,
Firebird Linux
Linux: Firebird, Unix- (SHADOW NFS)
Firebird Linux
Firebird Linux
Firebird Linux : Classic SuperServer
, Linux
Sourceforge.net
Firebird Linux
inetd / xinetd -
Firebird
Firebird Linux
, Linux
BugcheckAbort
LockMemSize, EventMemSize -
RemoteFileOpenAbility NFS
Firebird Linux
, Linux ( 2.5)
LockSemCount
LockSignal UNIX-,
Firebird
Firebird
InterBase ( , )
Windows 3.X
Windows NT, 3.X
OSRI
OSRI (Open System Relational Interface)
Yvalve
Network listener/ (isql)
Engine8_12
Engine13
Network redirector
Firebird
1.0 2002 , politically correct
1.5 2004 , root linux ( windows)
SQL- (External Table + UDF)
Firebird
2.0 2006 ,
Firebird
2.1 -
Windows Firebird (Trusted Authentication)
- Firebird 2.5
( 32 )
- Firebird 2.5
SQL
GRANT REVOKE
RDB$ADMIN
(windows) RDB$ADMIN
- Firebird 2.5
SQL
CREATE USER name PASSWORD 'pw' FIRSTNAME 'first' MIDDLENAME 'middle' LASTNAME 'last'
ALTER USER name PASSWORD 'pw' FIRSTNAME 'first' MIDDLENAME 'middle' LASTNAME 'last'
DROP USER name
- Firebird 2.5
SQL
2.5 security2.fdb
Alter User - , SYSDBA
GRANTED BY GRANT REVOKE SYSDBA ,
SQL-
SQL
- Firebird 2.5
GRANTED BY:
sysdba:
CREATE ROLE role1;
GRANT role1 TO user1 WITH ADMIN OPTION;
user1:
GRANT role1 TO PUBLIC;
sysdba:
REVOKE role1 FROM PUBLIC GRANTED BY user1;
- Firebird 2.5
REVOKE
REVOKE ALL ON ALL FROM
# gsec -del GUEST1
# isql employee
SQL> REVOKE ALL ON ALL FROM GUEST1;
- Firebird 2.5
RDB$ADMIN
GRANT RDB$ADMIN TO GUEST1 RDB$ADMIN GUEST1 (SYSDBA)
REVOKE RDB$ADMIN FROM GUEST1
- Firebird 2.5
RDB$ADMIN
ALTER ROLE RDB$ADMIN SET / DROP AUTO ADMIN MAPPING
Firebird 3 (, ) (, )
Firebird 3. ()
Firebird 3. ()
FileName = $(root)/db/data1.fdb Security = $(root)/db/secure.fdb
FileName = /raid/data.fdb Security = self
FileName = $(arg0) Security = $(root)/security2.fdb
Firebird 3. ()
Trusted authentication 2.1
Trusted : public , private
LDAP, PAM ..
CHAP
Firebird 3. ()
SQL
ALTER ROLE name ADD OS_NAME 'os_name'
ALTER USER name ADD OS_NAME 'os_name'
ALTER ROLE name DROP OS_NAME 'os_name'
ALTER USER name DROP OS_NAME 'os_name'
www.firebirdsql.org