apt-get install firebird2.5-superclassic dpkg-reconfigure firebird2.5-superclassicChoose a good password
vi /etc/firebird/2.5/firebird.conf
add only the localhost to the Remote Bind Address (we listen only on it and nothing else)
RemoteBindAddress = 127.0.0.1 DatabaseAccess = Restrict /var/lib/firebird/2.5/data/
restart super classic
sudo service firebird2.5-superclassic restart
check if it listens on localhost ip only
netstat -tap | grep gds tcp 0 0 localhost:gds_db *:* LISTEN 2129/fb_smp_server
There are more ideas : running apache + php in a chroot , adding apparmor rules
maybe we need a chroot feature in firebird in the future
No comments:
Post a Comment