[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: photuris-06.txt



At 06:20 PM 11/7/95 -0800, Phil Karn wrote:
>>But that SPARC 2000 that has one of my key databases on that I need to
>>interact with?  There is over 200Gb on that system now with 50 databases.
>>Even the production SPARCs have a handful of people allowed to do direct
>>logins for maintanance....
>
>I guess I don't know enough about how big database machines are structured and
>used. Can ordinary users run arbitrary tasks on the database machine, or
>does it only run dedicated server software?

In theory, the user can only submit requests to the database engine on the
designated port.

In practice, there needs to be lots of support IDs on these systems:  UNIX
maint, SQL engine maint, Data maint.  So Telnet and RLOGIN sessions are
fairly common.  Then there is automated data movement.  Traditionally done
by scripted FTPs, commonly from MVS batch jobs.  We are beginning to see
replication services, but I have not ripped any of them apart to study their
comm mechinisms.

Finally, there has been no code review of these SQL engines to determine if
they leave the hosts open to any attacks, ala the CERN HTTPD >4096 URL attack.

Robert Moskowitz
Chrysler Corporation
(810) 758-8212