J
jqw
Unregistered / Unconfirmed
GUEST, unregistred user!
I am not interested in it
季
季晓峰
Unregistered / Unconfirmed
GUEST, unregistred user!
Interbase还可以,没有那么差
R
richar
Unregistered / Unconfirmed
GUEST, unregistred user!
尤其是UDF,程序员开发用IB,可以充分发挥想象力,是个不错的选择。。。
E
eyes4
Unregistered / Unconfirmed
GUEST, unregistred user!
小弟我刚加入使用interbase的行列,以上的贴子让我受益非浅,感谢各位大虾米。
J
jwang
Unregistered / Unconfirmed
GUEST, unregistred user!
到底是该用INTERBASE ,还是用MS SQL
我一直在犹豫。。。。。。
苦恼!!!!!
我一直在犹豫。。。。。。
苦恼!!!!!
笑
笑傲江湖
Unregistered / Unconfirmed
GUEST, unregistred user!
兴趣颇高
D
DoubleWood
Unregistered / Unconfirmed
GUEST, unregistred user!
to 3hsoft:
Interbase怎么可能会那么慢?我的数据库有500万的记录查
个包含1-2万条记录的东西也不要1分钟。
interbase 性能其实非常不错
Interbase怎么可能会那么慢?我的数据库有500万的记录查
个包含1-2万条记录的东西也不要1分钟。
interbase 性能其实非常不错
郭
郭玉梁
Unregistered / Unconfirmed
GUEST, unregistred user!
to小猪:
不对吧,我听说是Sybase和Sql Server原来一起开发,后来Sybase走小型机的路子,
而Sql Server走PC。不信你看Sybase和Sql Server多象,无论界面还是语句。而
Interbase和Oracle比较象(语句)。
不对吧,我听说是Sybase和Sql Server原来一起开发,后来Sybase走小型机的路子,
而Sql Server走PC。不信你看Sybase和Sql Server多象,无论界面还是语句。而
Interbase和Oracle比较象(语句)。
S
sportsman
Unregistered / Unconfirmed
GUEST, unregistred user!
R
richar
Unregistered / Unconfirmed
GUEST, unregistred user!
刚刚做了一个简单测试,IB6 VS SQLSERVER2000标准版
10000条记录的插入,使用IBSQL的效率比ADO COMMAND的效率高10%,比ADOQUERY高10倍!
10000条记录的插入,使用IBSQL的效率比ADO COMMAND的效率高10%,比ADOQUERY高10倍!
K
kingqc
Unregistered / Unconfirmed
GUEST, unregistred user!
我同意,interbase非常不错,但安全性上好像有待改进
R
richar
Unregistered / Unconfirmed
GUEST, unregistred user!
中型应用非常适合,尤其在容易引起版权纠纷的项目。
目前的问题:在有客户端连接时,直接覆盖数据库*.GDB文件有时会引起文件错误,
不过在实际应用中很少有这种情况,开发时痛苦一些。由此推导:直接拷贝*.GDB
文件备份的方法也许会不可靠。
目前的问题:在有客户端连接时,直接覆盖数据库*.GDB文件有时会引起文件错误,
不过在实际应用中很少有这种情况,开发时痛苦一些。由此推导:直接拷贝*.GDB
文件备份的方法也许会不可靠。
B
barton
Unregistered / Unconfirmed
GUEST, unregistred user!
非常感谢这么多朋友对我问题的关注。我准备结束我个问题。
D
djdsz
Unregistered / Unconfirmed
GUEST, unregistred user!
IB6有经过Borland验证后的版本的,不过要收费。
现在的superserver是single process multi thread的,
收费的是multi process multi thread。性能和稳定性要高很多(听说罢了,我也只能用Open Source的)
我现在不懂这样一点,在Interbase中怎样实现动态SQL?特别是在存储过程中。就象MSSQL的
Exec("sql statment")一样
现在的superserver是single process multi thread的,
收费的是multi process multi thread。性能和稳定性要高很多(听说罢了,我也只能用Open Source的)
我现在不懂这样一点,在Interbase中怎样实现动态SQL?特别是在存储过程中。就象MSSQL的
Exec("sql statment")一样
P
pillgrim
Unregistered / Unconfirmed
GUEST, unregistred user!
大家请看清华bbs上的一篇文章:
Borland一贯赶潮流,这次Open Source的潮流自然也没有放过。
这不,InterBase也开放源代码了,不可谓不政治正确。
可惜有时候政治以正确,问题就出来了,捂了六年之久的一个Security
Hole在Open Source年代终于让人家揪出来了。要是不Open Source,
哪来的这种事情?
看看你的InterBase,无论是4.0, 5.0还是6。0也无论是Windows版还是
Linux版,看看它是不是有politically/correct
==================================
然后突然想起CERT前些日子发的通告
呵呵,如果MS的东西也开源,不知道会被人找出多
少个漏洞出来
)
CERT Advisory CA-2001-01 Interbase Server Contains Compiled-in Back Door
Account
Original release date: January 10, 2001
Last revised: --
Source: CERT/CC
A complete revision history is at the end of this file.
Systems Affected
* Borland/Inprise Interbase 4.x and 5.x
* Open source Interbase 6.0 and 6.01
* Open source Firebird 0.9-3 and earlier
Overview
Interbase is an open source database package that had previously been
distributed in a closed source fashion by Borland/Inprise. Both the
open and closed source verisions of the Interbase server contain a
compiled-in back door account with a known password.
I. Description
Interbase is an open source database package that is distributed by
Borland/Inprise at http://www.borland.com/interbase/ and on
SourceForge. The Firebird Project, an alternate Interbase package, is
also distributed on SourceForge. The Interbase server for both
distributions contains a compiled-in back door account with a fixed,
easily located plaintext password. The password and account are
contained in source code and binaries previously made available at the
following sites:
http://www.borland.com/interbase/
http://sourceforge.net/projects/interbase
http://sourceforge.net/projects/firebird
http://firebird.sourceforge.net
http://www.ibphoenix.com
http://www.interbase2000.com
This back door allows any local user or remote user able to access
port 3050/tcp [gds_db] to manipulate any database object on the
system. This includes the ability to install trapdoors or other trojan
horse software in the form of stored procedures. In addition, if the
database software is running with root privileges, then any file on
the server's file system can be overwritten, possibly leading to
execution of arbitrary commands as root.
This vulnerability was not introduced by unauthorized modifications to
the original vendor's source. It was introduced by maintainers of the
code within Borland. The back door account password cannot be changed
using normal operational commands, nor can the account be deleted from
existing vulnerable servers [see References].
This vulnerability has been assigned the identifier CAN-2001-0008 by
the Common Vulnerabilities and Exposures (CVE) group:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0008
The CERT/CC has not received reports of this back door being exploited
at the current time. We do recommend, however, that all affected sites
and redistributors of Interbase products or services follow the
recommendations suggested in Section III, as soon as possible due to
the seriousness of this issue.
II. Impact
Any local user or remote user able to access port 3050/tcp [gds_db]
can manipulate any database object on the system. This includes the
ability to install trapdoors or other trojan horse software in the
form of stored procedures. In addition, if the database software is
running with root privileges, then any file on the server's file
system can be overwritten, possibly leading to execution of arbitrary
commands as root.
III. Solution
Apply a vendor-supplied patch
Both Borland and The Firebird Project on SourceForge have published
fixes for this problem. Appendix A contains information provided by
vendors supplying these fixes. We will update the appendix as we
receive more information. If you do not see your vendor's name, the
CERT/CC did not hear from that vendor. Please contact your vendor
directly.
Users who are more comfortable making their own changes in source code
may find the new code available on SourceForge useful as well:
http://sourceforge.net/projects/interbase
http://sourceforge.net/projects/firebird
Block access to port 3050/tcp
This will not, however, prevent local users or users within a
firewall's adminstrative boundary from accessing the back door
account. In addition, the port the Interbase server listens on may be
changed dynamically at startup.
Appendix A. Vendor Information
Borland
Please see:
http://www.borland.com/interbase/
IBPhoenix
The Firebird project uncovered serious security problems with
InterBase. The problems are fixed in Firebird build 0.9.4 for all
platforms. If you are running either InterBase V6 or Firebird 0.9.3,
you should upgrade to Firebird 0.9.4.
These security holes affect all version of InterBase shipped since
1994, on all platforms.
For those who can not upgrade, Jim Starkey developed a patch program
that will correct the more serious problems in any version of
InterBase on any platform. IBPhoenix chose to release the program
without charge, given the nature of the problem and our relationship
to the community.
At the moment, name service is not set up to the machine that is
hosting the patch, so you will have to use the IP number both for the
initial contact and for the ftp download.
To start, point your browser at
http://firebird.ibphoenix.com/
Apple
The referenced database package is not packaged with Mac OS X or Mac
OS X Server.
Fujitsu
Fujitsu's UXP/V operating system is not affected by this problem
because we don't support the relevant database.
References
1. VU#247371: Borland/Inprise Interbase SQL database server contains
backdoor superuser account with known password CERT/CC,
01/10/2001, https://www.kb.cert.org/vuls/id/247371
_________________________________________________________________
Author: This document was written by Jeffrey S Havrilla. Feedback on
this advisory is appreciated.
______________________________________________________________________
This document is available from:
http://www.cert.org/advisories/CA-2001-01.html
______________________________________________________________________
CERT/CC Contact Information
Email: cert@cert.org
Phone: +1 412-268-7090 (24-hour hotline)
Fax: +1 412-268-6989
Postal address:
CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University
Pittsburgh PA 15213-3890
U.S.A.
CERT personnel answer the hotline 08:00-20:00 EST(GMT-5) / EDT(GMT-4)
Monday through Friday; they are on call for emergencies during other
hours, on U.S. holidays, and on weekends.
Using encryption
We strongly urge you to encrypt sensitive information sent by email.
Our public PGP key is available from
http://www.cert.org/CERT_PGP.key
If you prefer to use DES, please call the CERT hotline for more
information.
Getting security information
CERT publications and other security information are available from
our web site
http://www.cert.org/
To subscribe to the CERT mailing list for advisories and bulletins,
send email to majordomo@cert.org. Please include in the body of your
message
subscribe cert-advisory
* "CERT" and "CERT Coordination Center" are registered in the U.S.
Patent and Trademark Office.
______________________________________________________________________
NO WARRANTY
Any material furnished by Carnegie Mellon University and the Software
Engineering Institute is furnished on an "as is" basis. Carnegie
Mellon University makes no warranties of any kind, either expressed or
implied as to any matter including, but not limited to, warranty of
fitness for a particular purpose or merchantability, exclusivity or
results obtained from use of the material. Carnegie Mellon University
does not make any warranty of any kind with respect to freedom from
patent, trademark, or copyright infringement.
_________________________________________________________________
Conditions for use, disclaimers, and sponsorship information
Copyright 2001 Carnegie Mellon University.
Revision History
Borland一贯赶潮流,这次Open Source的潮流自然也没有放过。
这不,InterBase也开放源代码了,不可谓不政治正确。
可惜有时候政治以正确,问题就出来了,捂了六年之久的一个Security
Hole在Open Source年代终于让人家揪出来了。要是不Open Source,
哪来的这种事情?
看看你的InterBase,无论是4.0, 5.0还是6。0也无论是Windows版还是
Linux版,看看它是不是有politically/correct
==================================
然后突然想起CERT前些日子发的通告
呵呵,如果MS的东西也开源,不知道会被人找出多 少个漏洞出来
) CERT Advisory CA-2001-01 Interbase Server Contains Compiled-in Back Door
Account
Original release date: January 10, 2001
Last revised: --
Source: CERT/CC
A complete revision history is at the end of this file.
Systems Affected
* Borland/Inprise Interbase 4.x and 5.x
* Open source Interbase 6.0 and 6.01
* Open source Firebird 0.9-3 and earlier
Overview
Interbase is an open source database package that had previously been
distributed in a closed source fashion by Borland/Inprise. Both the
open and closed source verisions of the Interbase server contain a
compiled-in back door account with a known password.
I. Description
Interbase is an open source database package that is distributed by
Borland/Inprise at http://www.borland.com/interbase/ and on
SourceForge. The Firebird Project, an alternate Interbase package, is
also distributed on SourceForge. The Interbase server for both
distributions contains a compiled-in back door account with a fixed,
easily located plaintext password. The password and account are
contained in source code and binaries previously made available at the
following sites:
http://www.borland.com/interbase/
http://sourceforge.net/projects/interbase
http://sourceforge.net/projects/firebird
http://firebird.sourceforge.net
http://www.ibphoenix.com
http://www.interbase2000.com
This back door allows any local user or remote user able to access
port 3050/tcp [gds_db] to manipulate any database object on the
system. This includes the ability to install trapdoors or other trojan
horse software in the form of stored procedures. In addition, if the
database software is running with root privileges, then any file on
the server's file system can be overwritten, possibly leading to
execution of arbitrary commands as root.
This vulnerability was not introduced by unauthorized modifications to
the original vendor's source. It was introduced by maintainers of the
code within Borland. The back door account password cannot be changed
using normal operational commands, nor can the account be deleted from
existing vulnerable servers [see References].
This vulnerability has been assigned the identifier CAN-2001-0008 by
the Common Vulnerabilities and Exposures (CVE) group:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0008
The CERT/CC has not received reports of this back door being exploited
at the current time. We do recommend, however, that all affected sites
and redistributors of Interbase products or services follow the
recommendations suggested in Section III, as soon as possible due to
the seriousness of this issue.
II. Impact
Any local user or remote user able to access port 3050/tcp [gds_db]
can manipulate any database object on the system. This includes the
ability to install trapdoors or other trojan horse software in the
form of stored procedures. In addition, if the database software is
running with root privileges, then any file on the server's file
system can be overwritten, possibly leading to execution of arbitrary
commands as root.
III. Solution
Apply a vendor-supplied patch
Both Borland and The Firebird Project on SourceForge have published
fixes for this problem. Appendix A contains information provided by
vendors supplying these fixes. We will update the appendix as we
receive more information. If you do not see your vendor's name, the
CERT/CC did not hear from that vendor. Please contact your vendor
directly.
Users who are more comfortable making their own changes in source code
may find the new code available on SourceForge useful as well:
http://sourceforge.net/projects/interbase
http://sourceforge.net/projects/firebird
Block access to port 3050/tcp
This will not, however, prevent local users or users within a
firewall's adminstrative boundary from accessing the back door
account. In addition, the port the Interbase server listens on may be
changed dynamically at startup.
Appendix A. Vendor Information
Borland
Please see:
http://www.borland.com/interbase/
IBPhoenix
The Firebird project uncovered serious security problems with
InterBase. The problems are fixed in Firebird build 0.9.4 for all
platforms. If you are running either InterBase V6 or Firebird 0.9.3,
you should upgrade to Firebird 0.9.4.
These security holes affect all version of InterBase shipped since
1994, on all platforms.
For those who can not upgrade, Jim Starkey developed a patch program
that will correct the more serious problems in any version of
InterBase on any platform. IBPhoenix chose to release the program
without charge, given the nature of the problem and our relationship
to the community.
At the moment, name service is not set up to the machine that is
hosting the patch, so you will have to use the IP number both for the
initial contact and for the ftp download.
To start, point your browser at
http://firebird.ibphoenix.com/
Apple
The referenced database package is not packaged with Mac OS X or Mac
OS X Server.
Fujitsu
Fujitsu's UXP/V operating system is not affected by this problem
because we don't support the relevant database.
References
1. VU#247371: Borland/Inprise Interbase SQL database server contains
backdoor superuser account with known password CERT/CC,
01/10/2001, https://www.kb.cert.org/vuls/id/247371
_________________________________________________________________
Author: This document was written by Jeffrey S Havrilla. Feedback on
this advisory is appreciated.
______________________________________________________________________
This document is available from:
http://www.cert.org/advisories/CA-2001-01.html
______________________________________________________________________
CERT/CC Contact Information
Email: cert@cert.org
Phone: +1 412-268-7090 (24-hour hotline)
Fax: +1 412-268-6989
Postal address:
CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University
Pittsburgh PA 15213-3890
U.S.A.
CERT personnel answer the hotline 08:00-20:00 EST(GMT-5) / EDT(GMT-4)
Monday through Friday; they are on call for emergencies during other
hours, on U.S. holidays, and on weekends.
Using encryption
We strongly urge you to encrypt sensitive information sent by email.
Our public PGP key is available from
http://www.cert.org/CERT_PGP.key
If you prefer to use DES, please call the CERT hotline for more
information.
Getting security information
CERT publications and other security information are available from
our web site
http://www.cert.org/
To subscribe to the CERT mailing list for advisories and bulletins,
send email to majordomo@cert.org. Please include in the body of your
message
subscribe cert-advisory
* "CERT" and "CERT Coordination Center" are registered in the U.S.
Patent and Trademark Office.
______________________________________________________________________
NO WARRANTY
Any material furnished by Carnegie Mellon University and the Software
Engineering Institute is furnished on an "as is" basis. Carnegie
Mellon University makes no warranties of any kind, either expressed or
implied as to any matter including, but not limited to, warranty of
fitness for a particular purpose or merchantability, exclusivity or
results obtained from use of the material. Carnegie Mellon University
does not make any warranty of any kind with respect to freedom from
patent, trademark, or copyright infringement.
_________________________________________________________________
Conditions for use, disclaimers, and sponsorship information
Copyright 2001 Carnegie Mellon University.
Revision History
M
mikedeakins
Unregistered / Unconfirmed
GUEST, unregistred user!
interbase 的数据结构操作代码在 jrd 目录,一看吓了一跳:代码的书写结构真是希奇。
由于之前我一直在研究 mysql 的源代码,看了一会儿 interbase 的以后,不但被奇怪
的变量名给搞得头晕,而且对于它的数据操纵技术也是一头雾水。
如果想研究数据库技术,推荐 mysql。
另外,从 mysql interbase 的操纵部分来看(sql parsing & file access & caching
policy),这些数据库确实不能和 m$ sql server 相提并论(sql server 的架构参见
sql server 联机丛书)。
由于之前我一直在研究 mysql 的源代码,看了一会儿 interbase 的以后,不但被奇怪
的变量名给搞得头晕,而且对于它的数据操纵技术也是一头雾水。
如果想研究数据库技术,推荐 mysql。
另外,从 mysql interbase 的操纵部分来看(sql parsing & file access & caching
policy),这些数据库确实不能和 m$ sql server 相提并论(sql server 的架构参见
sql server 联机丛书)。
Z
zl
Unregistered / Unconfirmed
GUEST, unregistred user!
顶一下
A
am2000
Unregistered / Unconfirmed
GUEST, unregistred user!
支持InterBase
I
ib6
Unregistered / Unconfirmed
GUEST, unregistred user!
谈下去
Y
yysun
Unregistered / Unconfirmed
GUEST, unregistred user!
在下愚见:Borland 是专门摧毁数据库的公司。君不见:
它毁掉了 Paradox, 毁掉了 dBase, 毁掉了 BDE ...
Interbase 从开始就没有红火过,现在沦落到 mySQL 的地步,甚至可能还不如...
向上,拼不过 Oracle, MS SQL Server,向下拼不过 Access。
最后,所谓 Open Source 是那些活不下去的人的最后一博。
Oracle, SQL Server 为什么不 Open Source?
它毁掉了 Paradox, 毁掉了 dBase, 毁掉了 BDE ...
Interbase 从开始就没有红火过,现在沦落到 mySQL 的地步,甚至可能还不如...
向上,拼不过 Oracle, MS SQL Server,向下拼不过 Access。
最后,所谓 Open Source 是那些活不下去的人的最后一博。
Oracle, SQL Server 为什么不 Open Source?
