on 05-12-2015 7:29 AM
Hi experts,
we faced the following issue ( I also opened another thread which is already solved).
We did clone a host on Linux/ASE.
By starting the db on the clone we figured out, that the DB was access on the original host.
(problem was solved by changing interfaces file).
But my question is now, is there no security-configuration which avoids, that each server can access the DB of each server?
Thats a big security-leak, as so each sever is able to access the DB.
Kind regards
Hi,
If you want to stop the Sybase clioent to connect to an ASE instance on another machine you have to remove the entry of that instance from the interfaces file. However if network access is still possible (access of ASE port on machine A is allowed from machine B) a sybase client can still connect, for example isql can do this
isql -Usa -Psa_password -SmachineA:5000
and it will try to connect to ASE instance running on machineA and listening on port 5000.
So in order to avoid connections from a certain machine you should better configure this on the network level (in firewall probably)
It is possible to do such a thing in the ASE instance but it must be complicated.
Regards,
Kimon
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
No there is not such a list defined inside the database server. However it sould be implemented, I could consider login triggers, procs run when the user logins into ASE where you could check the client's host.
sp_modifylogin modifies the properties of a login (e.g. default database, number of failed logins before locking etc)
Hi Christian,
Also just to throw a rock in the bush not entirely related but you may want to consider database encryption if sensitive systems perhaps.
Kind Regards,
Johan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
95 | |
11 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.