Having external code and data that are accessed by the server can present a security vulnerability if the server’s filesystem is inadequately protected from intruders or is exposed through holes in the network. These external pieces can be made less vulnerable by configuring restrictions on where the Firebird engine may access them. The capability to deny access to unrecognized locations helps in the overall task of securing the filesystem and the network.
Settings in the Configuration File
The Firebird configuration file, as discussed earlier in this chapter, provides settings for restricting access to external function libraries, BLOB filter modules, and data files linked to tables defined using CREATE TABLE.<table-name> EXTERNAL (external tables or EVTs). The settings for Firebird 1.5, in firebird.conf, are different from those for Firebird 1.0.x, in isc_config (POSIX) or ibconfig (Windows).
The v.1.5 configuration applies to any model of the v.1.5 server. The v.1.0.x configuration applies only to Superserver.
Version 1.5 forward, in firebird.conf This parameter is used to restrict access to external function libraries and BLOB filter modules, perceived as a potential target for malicious intruder attacks. You can elect one of three levels of access to all such modules, to be applied serverwide. Before v.1.5, it was regarded as a benefit to be able to store external modules in multiple filesystem locations. It is now recommended that they be limited to a single tree or, in very exposed situations, disallowed altogether.
UdfAccess may be None, Restrict, or Full.
Relative paths are treated as relative to the path that the running server recognizes as the root directory of the Firebird installation. For example, on Windows, if the root of the Firebird installation is C:\Program Files\ Firebird\ Firebird _1 _5, then the following value will restrict the server to accessing external files only if they are located in C:\Program Files\Firebird\Firebird_1_5\userdata\extern: UDFAccess = Restrict userdata\ExternalModules
Firebird 1.0.x, in isc_config/ibconfig
This parameter can be used in v.1.0.x to specify an arbitrary number of locations for external function libraries, BLOB filters, and/or character set modules. If this configuration parameter does not exist, Firebird checks the subdirectories ..\udf or..\intl beneath the path that the running server recognizes as the root directory of the Firebird installation. These are some examples:external_function_directory <double-quoted directory path> external_function_directory "/opt/firebird/my_functions" external_function_directory "/opt/extlibs/lang" external_function_directory "d:\udfdir"
Version 1.5 forward, in firebird.conf
This parameter provides three levels of security regarding external files accessed from within the database through tables. The value is a string, which may be None, Full, or Restrict.
Relative paths are treated as relative to the path that the running server recognizes as the root directory of the Firebird installation.
For example, on Windows, if the root that the running server recognizes as the root directory of the Firebird installation is C:\Program Files\Firebird, then the following value will restrict the server to accessing external files only if they are located in C:\Program Files\Firebird\userdata\ExternalTables:ExternalFileAccess = Restrict userdata\ExternalTables
The following entry on POSIX will restrict access to only files located in or beneath /exportdata or /importdata:ExternalFileAccess = Restrict /exportdata;/importdata
Firebird 1.0.x, in ibconfig
On Windows only, this is for concentrating external files into one or more restricted locations. There is no limit to the number of directories that can be in the search list. Make a one-line entry per directory as follows:external_file_directory <double-quoted directory path> external_file_directory "d:\x-files"
Firebird Related Interview Questions
|RDBMS Interview Questions||MySQL Interview Questions|
|Linux Interview Questions||Mac OS X Deployment Interview Questions|
|Windows Administration Interview Questions||Windows Server 2003 Interview Questions|
|SQL Interview Questions||NoSQL Interview Questions|
|Advanced C++ Interview Questions|
All rights reserved © 2020 Wisdom IT Services India Pvt. Ltd
Wisdomjobs.com is one of the best job search sites in India.