How to restrict connections to the Firebird server or specific database?


There are several ways to do it:

Using the system firewall, you can restrict the users based on their address (and, of course the port number).

If you use Classic on Linux, you can restrict access to the Firebird server by using hosts-allow and hosts-deny files (access control mechanism of xinetd and inetd).

If you use Firebird 2.1 or higher you can use database triggers to prevent connections (just throw an exception inside the ON CONNECT trigger code). This approach gives you finer control as you can set up the restriction on a per-database level (i.e. the same client can connect to one database on the server, but not some other database).

You can use the context variables and monitoring tables inside the trigger to allow or disallow the client access. Here's an example that would disable connections from IP address 192.168.0.12:

CREATE EXCEPTION disallow 'You IP address is not allowed to connect';

create trigger ocTrig1 on connect as
BEGIN
if (exists(select 1 from MON$ATTACHMENTS m where m.MON$ATTACHMENT_ID = CURRENT_CONNECTION and m.MON$REMOTE_ADDRESS = '192.168.0.12'))
then
EXCEPTION disallow;
END

Please note that you must use at least Firebird 2.1 for this to works.


Do you find this FAQ incorrect or incomplete? Please e-mail us what needs to be changed. To ensure quality, each change is checked by our editors (and often tested on live Firebird databases), before it enters the main FAQ database. If you desire so, the changes will be credited to your name. To learn more, visit our add content page.



All contents are copyright © 2007-2024 FirebirdFAQ.org unless otherwise stated in the text.


Links   Firebird   News   FlameRobin   Powered by FB: Home Inventory   Euchre  
Add content   About  

Categories
 Newbies
 SQL
 Installation and setup
 Backup and restore
 Performance
 Security
 Connectivity and API
 HOWTOs
 Errors and error codes
 Miscellaneous