
Limit DB-Access (Which Server is allowed to access DB?)

Private_Member_19084
Active Contributor
0 Kudos

Hi experts,

we faced the following issue (I also opened another thread which is already solved).

We did clone a host on Linux/ASE.

By starting the DB on the clone we figured out that the DB was accessed on the original host.

(The problem was solved by changing the interfaces file.)

But my question is now: is there no security configuration which prevents each server from accessing the DB of each other server?

That's a big security leak, as each server is able to access the DB.

Kind regards

Accepted Solutions (1)


kimon_moschandreou
Contributor
0 Kudos

Hi,

If you want to stop the Sybase client from connecting to an ASE instance on another machine, you have to remove the entry of that instance from the interfaces file. However, if network access is still possible (access to the ASE port on machine A is allowed from machine B), a Sybase client can still connect; for example, isql can do this:

isql -Usa -Psa_password -SmachineA:5000

and it will try to connect to ASE instance running on machineA and listening on port 5000.

So in order to avoid connections from a certain machine, you should better configure this on the network level (in the firewall probably).

It is possible to do such a thing in the ASE instance, but it must be complicated.

Regards,

Kimon

Private_Member_19084
Active Contributor
0 Kudos

But there is no limitation in ASE to define which hosts are allowed to access the DB?

I mean... isn't it a big security issue?

If you have network access, you can access the DB from anywhere (if the firewall is not blocking it)?

Kind regards

Private_Member_19084
Active Contributor
0 Kudos

What about sp_modifylogin?

kimon_moschandreou
Contributor
0 Kudos

No, there is no such list defined inside the database server. However, it should be implemented; I could consider login triggers, procs run when the user logs in to ASE, where you could check the client's host.

sp_modifylogin modifies the properties of a login (e.g. default database, number of failed logins before locking, etc.).
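
The login-trigger idea from the post above, sketched as an added example (not code from the thread or from SAP). The table `allowed_clients`, the procedure `check_client_host`, the login `app_user` and the IP address are hypothetical; the sketch assumes the objects live in the login's default database and that the login may read `master..sysprocesses`.

```sql
-- Hypothetical allow-list: which login may connect from which client address.
create table allowed_clients (
    login_name varchar(30) not null,
    ipaddr     varchar(64) not null
)
go
insert allowed_clients values ('app_user', '192.0.2.10')  -- constructed sample row
go

-- Login trigger: runs in the new session right after authentication.
create procedure check_client_host
as
begin
    declare @login varchar(30), @ip varchar(64)

    select @login = suser_name()

    -- ipaddr is the peer address as seen by ASE. Do not use the hostname
    -- column for this check: the client sets it and can send any value.
    select @ip = ipaddr
    from master..sysprocesses
    where spid = @@spid

    if not exists (select 1
                   from allowed_clients
                   where login_name = @login
                     and ipaddr = @ip)
    begin
        -- Output of a login trigger is written to the ASE error log.
        print 'login trigger: %1! rejected from %2!', @login, @ip
        select syb_quit()   -- terminate the session
    end
end
go
grant execute on check_client_host to public
go

-- Attach the procedure to the login as its login script.
sp_modifylogin app_user, 'login script', 'check_client_host'
go
```

The check runs only after the client has reached the listener and authenticated, so it complements the firewall rule rather than replacing it.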

Private_Member_19084
Active Contributor
0 Kudos

Hello Kimon,

please don't misunderstand my question.

Is it something you definitely know, or something you think is not existing?

Kind regards

kimon_moschandreou
Contributor
0 Kudos

I am quite sure it does not exist; maybe I have missed it, but I don't think this is the case.

Answers (1)


Johan_sapbasis
Active Contributor
0 Kudos

Hi Christian,

Also just to throw a rock in the bush not entirely related but you may want to consider database encryption if sensitive systems perhaps.

Kind Regards,

Johan