Avoiding blind SQL injections in #php

Common steps in avoiding SQL injections

1. The first step is to sanitize the inputs and never trust what comes from POST/GET.

2. Another tip is to always use prepared statements (in ibase) or, better, PDO, which is safer: the query text stays unchanged while the PHP script executes, and the parameters (fed from POST/GET) are the only thing that varies in the queries. Also cast the variables to int or string; filtering alone is not enough, casting is better.

3. Another possibility is using stored procedures, where the business rules are done inside Firebird and you specify only the parameters (this way the query stays unmodified and the WHERE clause can't be changed by evil hackers).
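As an added example (not code from the original post), here is the PDO prepared-statement and casting advice from steps 2 and 3 applied to a TEST table with columns ID and NAME, like the one the FreeBSD guide on this page creates; the DSN path and the SYSDBA password are assumptions.

```php
<?php
// Added example, not from the original post: the PDO prepared-statement and
// casting advice above, applied to a TEST table (ID, NAME) like the one
// created later on this page. DSN path and credentials are placeholders.
declare(strict_types=1);

function connectFirebird(): PDO
{
    $pdo = new PDO('firebird:dbname=localhost:/tmp/first_database.fdb',
                   'SYSDBA', 'PLACEHOLDER_PASSWORD');
    // Fail loudly and keep server-side prepares (no client-side emulation).
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    return $pdo;
}

// VULNERABLE (what the post warns against): the request value is spliced
// into the SQL text, so the WHERE clause is under the caller's control.
function findByNameUnsafe(PDO $pdo, string $name): array
{
    $sql = "SELECT ID, NAME FROM TEST WHERE NAME = '" . $name . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// SAFE: the SQL text is fixed at prepare time; the value is sent separately
// as a bound parameter and cannot change the query structure.
function findByName(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT ID, NAME FROM TEST WHERE NAME = ?');
    $stmt->execute([$name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// SAFE: numeric input is validated and cast to int before binding, as the
// post recommends; anything that is not an integer is rejected outright.
function findById(PDO $pdo, string $rawId): ?array
{
    if (filter_var($rawId, FILTER_VALIDATE_INT) === false) {
        return null;
    }
    $stmt = $pdo->prepare('SELECT ID, NAME FROM TEST WHERE ID = :id');
    $stmt->bindValue(':id', (int) $rawId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$pdo = connectFirebird();
var_dump(findByName($pdo, (string) ($_GET['name'] ?? '')));
var_dump(findById($pdo, (string) ($_GET['id'] ?? '')));
```

The unsafe function is kept only to show the pattern being replaced; the two prepared-statement functions are the ones to use.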

Firebird Manual Pages Reorganisation and cleanup

Paul Vinkenoog cleaned up that page and wrote on Firebird-docs:

– On top are the most important version-specific docs for the currently supported versions, i.e. 2.5 and 2.1 Quick Start Guides and LangRef Updates.

– After that, the Command Line Utilities manuals, followed by other user manuals, reference material and the Firebird licenses.

– Then come the manuals on no longer supported versions, the IB6 manuals, and finally the manuals for Firebird docwriters.

I’m sure we can still do better, by integrating some of the docs pages and using only one line per document (with the available language links listed like we used to, e.g. “en fr de nl”), which saves a lot of vertical scrolling, but that’s for another day.

Cheers

ps: Thanks Lukas Eder for suggestions

The Perfect Database Server: Firebird 2.5.3 And FreeBSD 10

Here is the guide on installing Firebird 2.5.3 from FreeBSD 10 Ports and creating your first test database; we also show you how to install the Flamerobin GUI (administration tool) and the PHP driver for it. This was tested on a fresh FreeBSD 10 on a KVM Linux virtual machine.

Download a compressed snapshot of the Ports Collection into /var/db/portsnap.

# portsnap fetch

Or update it. If you are running Portsnap for the first time, extract the snapshot into /usr/ports:

# portsnap extract

If you already have a populated /usr/ports directory and you are just updating, run the following command instead:

# portsnap update

Enter firebird server ports directory:

# cd /usr/ports/databases/firebird25-server

Compile and install the Firebird server:

# make -DPACKAGE_BUILDING

# make install

Enable it by adding

firebird_enable="YES"

to /etc/rc.conf.

Start it with:

# /usr/local/etc/rc.d/firebird start

Logs and security2.fdb seem to be in /var/db/firebird.

Start the isql-fb console:

# /usr/local/bin/isql-fb

To create a new database:

SQL> create database "/tmp/first_database.fdb";

SQL> connect "/tmp/first_database.fdb";

Commit current transaction (y/n)? <-- y

Committing.

Database: "/tmp/first_database.fdb"

SQL>

If you want to create a simple table, insert 1-2 rows and select from it, here is one example:

SQL> CREATE TABLE TEST (ID INT NOT NULL PRIMARY KEY, NAME VARCHAR(20));

SQL> show tables;

TEST

SQL> INSERT INTO TEST VALUES (1, 'John');

SQL> INSERT INTO TEST VALUES (2, 'Joe');

SQL> select * from test;

ID NAME

============ ====================

1 John

2 Joe

To quit the isql-fb console, type quit:

SQL> quit

CON>;

For a good open source GUI admin tool you might check the Flamerobin administration tool included in the Ports repository; it can be installed with a simple:

# cd /usr/ports/databases/flamerobin/ && make install clean

Or, if you don't want to wait, use pkg_add:

# pkg_add -r flamerobin

To use Firebird with PHP, you will need the php5-interbase driver:

# cd /usr/ports/databases/php5-interbase/ && make install clean

You can choose to compile PHP with Apache support (I have chosen CLI, CGI and Apache support); check whether the module is enabled with:

# /usr/local/bin/php -m

Or, if you don't want to wait to compile all of PHP, use pkg_add:

# pkg_add -r php5-interbase

Firebird 2.5.3 from EPEL 7 stable repository

EPEL 7 has left the beta stage, so you can install the Firebird 2.5.3 packages for CentOS/RHEL 7 from the stable repository:

sudo yum install http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-1.noarch.rpm

yum --enablerepo=epel install firebird-superclassic

And since EPEL 7 uses systemd, you can use systemd to enable the service and to stop or start it; read the README provided:
http://pkgs.fedoraproject.org/cgit/firebird.git/tree/README.Fedora?h=epel7

You also have Classic and SuperServer packages:
http://dl.fedoraproject.org/pub/epel/7/x86_64/repoview/firebird.html
http://dl.fedoraproject.org/pub/epel/7/x86_64/repoview/firebird-classic.html
http://dl.fedoraproject.org/pub/epel/7/x86_64/repoview/firebird-superserver.html
