403Webshell
Server IP : 103.119.228.120  /  Your IP : 3.148.108.201
Web Server : Apache
System : Linux v8.techscape8.com 3.10.0-1160.119.1.el7.tuxcare.els2.x86_64 #1 SMP Mon Jul 15 12:09:18 UTC 2024 x86_64
User : nobody ( 99)
PHP Version : 5.6.40
Disable Function : shell_exec,symlink,system,exec,proc_get_status,proc_nice,proc_terminate,define_syslog_variables,syslog,openlog,closelog,escapeshellcmd,passthru,ocinum cols,ini_alter,leak,listen,chgrp,apache_note,apache_setenv,debugger_on,debugger_off,ftp_exec,dl,dll,myshellexec,proc_open,socket_bind,proc_close,escapeshellarg,parse_ini_filepopen,fpassthru,exec,passthru,escapeshellarg,escapeshellcmd,proc_close,proc_open,ini_alter,popen,show_source,proc_nice,proc_terminate,proc_get_status,proc_close,pfsockopen,leak,apache_child_terminate,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,dl,symlink,shell_exec,system,dl,passthru,escapeshellarg,escapeshellcmd,myshellexec,c99_buff_prepare,c99_sess_put,fpassthru,getdisfunc,fx29exec,fx29exec2,is_windows,disp_freespace,fx29sh_getupdate,fx29_buff_prepare,fx29_sess_put,fx29shexit,fx29fsearch,fx29ftpbrutecheck,fx29sh_tools,fx29sh_about,milw0rm,imagez,sh_name,myshellexec,checkproxyhost,dosyayicek,c99_buff_prepare,c99_sess_put,c99getsource,c99sh_getupdate,c99fsearch,c99shexit,view_perms,posix_getpwuid,posix_getgrgid,posix_kill,parse_perms,parsesort,view_perms_color,set_encoder_input,ls_setcheckboxall,ls_reverse_all,rsg_read,rsg_glob,selfURL,dispsecinfo,unix2DosTime,addFile,system,get_users,view_size,DirFiles,DirFilesWide,DirPrintHTMLHeaders,GetFilesTotal,GetTitles,GetTimeTotal,GetMatchesCount,GetFileMatchesCount,GetResultFiles,fs_copy_dir,fs_copy_obj,fs_move_dir,fs_move_obj,fs_rmdir,SearchText,getmicrotime
MySQL : ON |  cURL : ON |  WGET : ON |  Perl : ON |  Python : ON |  Sudo : ON |  Pkexec : ON
Directory :  /usr/local/share/man/man3/

Upload File :
current_dir [ Writeable] document_root [ Writeable]

 

Command :


[ Back ]     

Current File : /usr/local/share/man/man3/DBI::ProxyServer.3pm
.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" ========================================================================
.\"
.IX Title "DBI::ProxyServer 3"
.TH DBI::ProxyServer 3 "2016-04-21" "perl v5.16.3" "User Contributed Perl Documentation"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
DBI::ProxyServer \- a server for the DBD::Proxy driver
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 2
\&    use DBI::ProxyServer;
\&    DBI::ProxyServer::main(@ARGV);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
DBI::Proxy Server is a module for implementing a proxy for the \s-1DBI\s0 proxy
driver, DBD::Proxy. It allows access to databases over the network if the
\&\s-1DBMS\s0 does not offer networked operations. But the proxy server might be
useful for you, even if you have a \s-1DBMS\s0 with integrated network
functionality: It can be used as a \s-1DBI\s0 proxy in a firewalled environment.
.PP
DBI::ProxyServer runs as a daemon on the machine with the \s-1DBMS\s0 or on the
firewall. The client connects to the agent using the \s-1DBI\s0 driver DBD::Proxy,
thus in the exactly same way than using DBD::mysql, DBD::mSQL or any other
\&\s-1DBI\s0 driver.
.PP
The agent is implemented as a RPC::PlServer application. Thus you have
access to all the possibilities of this module, in particular encryption
and a similar configuration file. DBI::ProxyServer adds the possibility of
query restrictions: You can define a set of queries that a client may
execute and restrict access to those. (Requires a \s-1DBI\s0 driver that supports
parameter binding.) See \*(L"\s-1CONFIGURATION FILE\*(R"\s0.
.PP
The provided driver script, dbiproxy, may either be used as it is or
used as the basis for a local version modified to meet your needs.
.SH "OPTIONS"
.IX Header "OPTIONS"
When calling the \fIDBI::ProxyServer::main()\fR function, you supply an
array of options. These options are parsed by the Getopt::Long module.
The ProxyServer inherits all of RPC::PlServer's and hence Net::Daemon's
options and option handling, in particular the ability to read
options from either the command line or a config file. See
RPC::PlServer. See Net::Daemon. Available options include
.IP "\fIchroot\fR (\fB\-\-chroot=dir\fR)" 4
.IX Item "chroot (--chroot=dir)"
(\s-1UNIX\s0 only)  After doing a \fIbind()\fR, change root directory to the given
directory by doing a \fIchroot()\fR. This is useful for security, but it
restricts the environment a lot. For example, you need to load \s-1DBI\s0
drivers in the config file or you have to create hard links to Unix
sockets, if your drivers are using them. For example, with MySQL, a
config file might contain the following lines:
.Sp
.Vb 9
\&    my $rootdir = \*(Aq/var/dbiproxy\*(Aq;
\&    my $unixsockdir = \*(Aq/tmp\*(Aq;
\&    my $unixsockfile = \*(Aqmysql.sock\*(Aq;
\&    foreach $dir ($rootdir, "$rootdir$unixsockdir") {
\&        mkdir 0755, $dir;
\&    }
\&    link("$unixsockdir/$unixsockfile",
\&         "$rootdir$unixsockdir/$unixsockfile");
\&    require DBD::mysql;
\&
\&    {
\&        \*(Aqchroot\*(Aq => $rootdir,
\&        ...
\&    }
.Ve
.Sp
If you don't know \fIchroot()\fR, think of an \s-1FTP\s0 server where you can see a
certain directory tree only after logging in. See also the \-\-group and
\&\-\-user options.
.IP "\fIclients\fR" 4
.IX Item "clients"
An array ref with a list of clients. Clients are hash refs, the attributes
\&\fIaccept\fR (0 for denying access and 1 for permitting) and \fImask\fR, a Perl
regular expression for the clients \s-1IP\s0 number or its host name.
.IP "\fIconfigfile\fR (\fB\-\-configfile=file\fR)" 4
.IX Item "configfile (--configfile=file)"
Config files are assumed to return a single hash ref that overrides the
arguments of the new method. However, command line arguments in turn take
precedence over the config file. See the \*(L"\s-1CONFIGURATION FILE\*(R"\s0 section
below for details on the config file.
.IP "\fIdebug\fR (\fB\-\-debug\fR)" 4
.IX Item "debug (--debug)"
Turn debugging mode on. Mainly this asserts that logging messages of
level \*(L"debug\*(R" are created.
.IP "\fIfacility\fR (\fB\-\-facility=mode\fR)" 4
.IX Item "facility (--facility=mode)"
(\s-1UNIX\s0 only) Facility to use for Sys::Syslog. The default is
\&\fBdaemon\fR.
.IP "\fIgroup\fR (\fB\-\-group=gid\fR)" 4
.IX Item "group (--group=gid)"
After doing a \fIbind()\fR, change the real and effective \s-1GID\s0 to the given.
This is useful, if you want your server to bind to a privileged port
(<1024), but don't want the server to execute as root. See also
the \-\-user option.
.Sp
\&\s-1GID\s0's can be passed as group names or numeric values.
.IP "\fIlocaladdr\fR (\fB\-\-localaddr=ip\fR)" 4
.IX Item "localaddr (--localaddr=ip)"
By default a daemon is listening to any \s-1IP\s0 number that a machine
has. This attribute allows one to restrict the server to the given
\&\s-1IP\s0 number.
.IP "\fIlocalport\fR (\fB\-\-localport=port\fR)" 4
.IX Item "localport (--localport=port)"
This attribute sets the port on which the daemon is listening. It
must be given somehow, as there's no default.
.IP "\fIlogfile\fR (\fB\-\-logfile=file\fR)" 4
.IX Item "logfile (--logfile=file)"
Be default logging messages will be written to the syslog (Unix) or
to the event log (Windows \s-1NT\s0). On other operating systems you need to
specify a log file. The special value \*(L"\s-1STDERR\*(R"\s0 forces logging to
stderr. See Net::Daemon::Log for details.
.IP "\fImode\fR (\fB\-\-mode=modename\fR)" 4
.IX Item "mode (--mode=modename)"
The server can run in three different modes, depending on the environment.
.Sp
If you are running Perl 5.005 and did compile it for threads, then the
server will create a new thread for each connection. The thread will
execute the server's \fIRun()\fR method and then terminate. This mode is the
default, you can force it with \*(L"\-\-mode=threads\*(R".
.Sp
If threads are not available, but you have a working \fIfork()\fR, then the
server will behave similar by creating a new process for each connection.
This mode will be used automatically in the absence of threads or if
you use the \*(L"\-\-mode=fork\*(R" option.
.Sp
Finally there's a single-connection mode: If the server has accepted a
connection, he will enter the \fIRun()\fR method. No other connections are
accepted until the \fIRun()\fR method returns (if the client disconnects).
This operation mode is useful if you have neither threads nor \fIfork()\fR,
for example on the Macintosh. For debugging purposes you can force this
mode with \*(L"\-\-mode=single\*(R".
.IP "\fIpidfile\fR (\fB\-\-pidfile=file\fR)" 4
.IX Item "pidfile (--pidfile=file)"
(\s-1UNIX\s0 only) If this option is present, a \s-1PID\s0 file will be created at the
given location. Default is to not create a pidfile.
.IP "\fIuser\fR (\fB\-\-user=uid\fR)" 4
.IX Item "user (--user=uid)"
After doing a \fIbind()\fR, change the real and effective \s-1UID\s0 to the given.
This is useful, if you want your server to bind to a privileged port
(<1024), but don't want the server to execute as root. See also
the \-\-group and the \-\-chroot options.
.Sp
\&\s-1UID\s0's can be passed as group names or numeric values.
.IP "\fIversion\fR (\fB\-\-version\fR)" 4
.IX Item "version (--version)"
Suppresses startup of the server; instead the version string will
be printed and the program exits immediately.
.SH "SHUTDOWN"
.IX Header "SHUTDOWN"
DBI::ProxyServer is built on RPC::PlServer which is, in turn, built on Net::Daemon.
.PP
You should refer to Net::Daemon for how to shutdown the server, except that
you can't because it's not currently documented there (as of v0.43).
The bottom-line is that it seems that there's no support for graceful shutdown.
.SH "CONFIGURATION FILE"
.IX Header "CONFIGURATION FILE"
The configuration file is just that of \fIRPC::PlServer\fR or \fINet::Daemon\fR
with some additional attributes in the client list.
.PP
The config file is a Perl script. At the top of the file you may include
arbitrary Perl source, for example load drivers at the start (useful
to enhance performance), prepare a chroot environment and so on.
.PP
The important thing is that you finally return a hash ref of option
name/value pairs. The possible options are listed above.
.PP
All possibilities of Net::Daemon and RPC::PlServer apply, in particular
.IP "Host and/or User dependent access control" 4
.IX Item "Host and/or User dependent access control"
.PD 0
.IP "Host and/or User dependent encryption" 4
.IX Item "Host and/or User dependent encryption"
.IP "Changing \s-1UID\s0 and/or \s-1GID\s0 after binding to the port" 4
.IX Item "Changing UID and/or GID after binding to the port"
.IP "Running in a \fIchroot()\fR environment" 4
.IX Item "Running in a chroot() environment"
.PD
.PP
Additionally the server offers you query restrictions. Suggest the
following client list:
.PP
.Vb 10
\&    \*(Aqclients\*(Aq => [
\&        { \*(Aqmask\*(Aq => \*(Aq^admin\e.company\e.com$\*(Aq,
\&          \*(Aqaccept\*(Aq => 1,
\&          \*(Aqusers\*(Aq => [ \*(Aqroot\*(Aq, \*(Aqwwwrun\*(Aq ],
\&        },
\&        {
\&          \*(Aqmask\*(Aq => \*(Aq^admin\e.company\e.com$\*(Aq,
\&          \*(Aqaccept\*(Aq => 1,
\&          \*(Aqusers\*(Aq => [ \*(Aqroot\*(Aq, \*(Aqwwwrun\*(Aq ],
\&          \*(Aqsql\*(Aq => {
\&               \*(Aqselect\*(Aq => \*(AqSELECT * FROM foo\*(Aq,
\&               \*(Aqinsert\*(Aq => \*(AqINSERT INTO foo VALUES (?, ?, ?)\*(Aq
\&               }
\&        }
.Ve
.PP
then only the users root and wwwrun may connect from admin.company.com,
executing arbitrary queries, but only wwwrun may connect from other
hosts and is restricted to
.PP
.Vb 1
\&    $sth\->prepare("select");
.Ve
.PP
or
.PP
.Vb 1
\&    $sth\->prepare("insert");
.Ve
.PP
which in fact are \*(L"\s-1SELECT\s0 * \s-1FROM\s0 foo\*(R" or \*(L"\s-1INSERT INTO\s0 foo \s-1VALUES \s0(?, ?, ?)\*(R".
.SH "Proxyserver Configuration file (bigger example)"
.IX Header "Proxyserver Configuration file (bigger example)"
This section tells you how to restrict a DBI-Proxy: Not every user from
every workstation shall be able to execute every query.
.PP
There is a perl program \*(L"dbiproxy\*(R" which runs on a machine which is able
to connect to all the databases we wish to reach. All Perl-DBD-drivers must
be installed on this machine. You can also reach databases for which drivers 
are not available on the machine where you run the program querying the 
database, e.g. ask MS-Access-database from Linux.
.PP
Create a configuration file \*(L"proxy_oracle.cfg\*(R" at the dbproxy-server:
.PP
.Vb 8
\&    {
\&        # This shall run in a shell or a DOS\-window 
\&        # facility => \*(Aqdaemon\*(Aq,
\&        pidfile => \*(Aqyour_dbiproxy.pid\*(Aq,
\&        logfile => 1,
\&        debug => 0,
\&        mode => \*(Aqsingle\*(Aq,
\&        localport => \*(Aq12400\*(Aq,
\&
\&        # Access control, the first match in this list wins!
\&        # So the order is important
\&        clients => [
\&                # hint to organize:
\&                # the most specialized rules for single machines/users are 1st
\&                # then the denying rules
\&                # then the rules about whole networks
\&
\&                # rule: internal_webserver
\&                # desc: to get statistical information
\&                {
\&                        # this IP\-address only is meant
\&                        mask => \*(Aq^10\e.95\e.81\e.243$\*(Aq,
\&                        # accept (not defer) connections like this
\&                        accept => 1,
\&                        # only users from this list 
\&                        # are allowed to log on
\&                        users => [ \*(Aqinformationdesk\*(Aq ],
\&                        # only this statistical query is allowed
\&                        # to get results for a web\-query
\&                        sql => {
\&                                alive => \*(Aqselect count(*) from dual\*(Aq,
\&                                statistic_area => \*(Aqselect count(*) from e01admin.e01e203 where geb_bezei like ?\*(Aq,
\&                        }
\&                },
\&
\&                # rule: internal_bad_guy_1
\&                {
\&                        mask => \*(Aq^10\e.95\e.81\e.1$\*(Aq,
\&                        accept => 0,
\&                },
\&
\&                # rule: employee_workplace
\&                # desc: get detailed information
\&                {
\&                        # any IP\-address is meant here
\&                        mask => \*(Aq^10\e.95\e.81\e.(\ed+)$\*(Aq,
\&                        # accept (not defer) connections like this
\&                        accept => 1,
\&                        # only users from this list 
\&                        # are allowed to log on
\&                        users => [ \*(Aqinformationdesk\*(Aq, \*(Aqlippmann\*(Aq ],
\&                        # all these queries are allowed:
\&                        sql => {
\&                                search_city => \*(Aqselect ort_nr, plz, ort from e01admin.e01e200 where plz like ?\*(Aq,
\&                                search_area => \*(Aqselect gebiettyp, geb_bezei from e01admin.e01e203 where geb_bezei like ? or geb_bezei like ?\*(Aq,
\&                        }
\&                },
\&
\&                # rule: internal_bad_guy_2 
\&                # This does NOT work, because rule "employee_workplace" hits
\&                # with its ip\-address\-mask of the whole network
\&                {
\&                        # don\*(Aqt accept connection from this ip\-address
\&                        mask => \*(Aq^10\e.95\e.81\e.5$\*(Aq,
\&                        accept => 0,
\&                }
\&        ]
\&    }
.Ve
.PP
Start the proxyserver like this:
.PP
.Vb 3
\&        rem well\-set Oracle_home needed for Oracle
\&        set ORACLE_HOME=d:\eoracle\eora81
\&        dbiproxy \-\-configfile proxy_oracle.cfg
.Ve
.SS "Testing the connection from a remote machine"
.IX Subsection "Testing the connection from a remote machine"
Call a program \*(L"dbish\*(R" from your commandline. I take the machine from rule \*(L"internal_webserver\*(R"
.PP
.Vb 1
\&        dbish "dbi:Proxy:hostname=oracle.zdf;port=12400;dsn=dbi:Oracle:e01" informationdesk xxx
.Ve
.PP
There will be a shell-prompt:
.PP
.Vb 1
\&        informationdesk@dbi...> alive
\&
\&        Current statement buffer (enter \*(Aq/\*(Aq...):
\&        alive
\&
\&        informationdesk@dbi...> /
\&        COUNT(*)
\&        \*(Aq1\*(Aq
\&        [1 rows of 1 fields returned]
.Ve
.SS "Testing the connection with a perl-script"
.IX Subsection "Testing the connection with a perl-script"
Create a perl-script like this:
.PP
.Vb 2
\&        # file: oratest.pl
\&        # call me like this: perl oratest.pl user password
\&
\&        use strict;
\&        use DBI;
\&
\&        my $user = shift || die "Usage: $0 user password";
\&        my $pass = shift || die "Usage: $0 user password";
\&        my $config = {
\&                dsn_at_proxy => "dbi:Oracle:e01",
\&                proxy => "hostname=oechsle.zdf;port=12400",
\&        };
\&        my $dsn = sprintf "dbi:Proxy:%s;dsn=%s",
\&                $config\->{proxy},
\&                $config\->{dsn_at_proxy};
\&
\&        my $dbh = DBI\->connect( $dsn, $user, $pass )
\&                || die "connect did not work: $DBI::errstr";
\&
\&        my $sql = "search_city";
\&        printf "%s\en%s\en%s\en", "="x40, $sql, "="x40;
\&        my $cur = $dbh\->prepare($sql);
\&        $cur\->bind_param(1,\*(Aq905%\*(Aq);
\&        &show_result ($cur);
\&
\&        my $sql = "search_area";
\&        printf "%s\en%s\en%s\en", "="x40, $sql, "="x40;
\&        my $cur = $dbh\->prepare($sql);
\&        $cur\->bind_param(1,\*(AqPfarr%\*(Aq);
\&        $cur\->bind_param(2,\*(AqBronnamberg%\*(Aq);
\&        &show_result ($cur);
\&
\&        my $sql = "statistic_area";
\&        printf "%s\en%s\en%s\en", "="x40, $sql, "="x40;
\&        my $cur = $dbh\->prepare($sql);
\&        $cur\->bind_param(1,\*(AqPfarr%\*(Aq);
\&        &show_result ($cur);
\&
\&        $dbh\->disconnect;
\&        exit;
\&
\&
\&        sub show_result {
\&                my $cur = shift;
\&                unless ($cur\->execute()) {
\&                        print "Could not execute\en"; 
\&                        return; 
\&                }
\&
\&                my $rownum = 0;
\&                while (my @row = $cur\->fetchrow_array()) {
\&                        printf "Row is: %s\en", join(", ",@row);
\&                        if ($rownum++ > 5) {
\&                                print "... and so on\en";
\&                                last;
\&                        }       
\&                }
\&                $cur\->finish;
\&        }
.Ve
.PP
The result
.PP
.Vb 10
\&        C:\e>perl oratest.pl informationdesk xxx
\&        ========================================
\&        search_city
\&        ========================================
\&        Row is: 3322, 9050, Chemnitz
\&        Row is: 3678, 9051, Chemnitz
\&        Row is: 10447, 9051, Chemnitz
\&        Row is: 12128, 9051, Chemnitz
\&        Row is: 10954, 90513, Zirndorf
\&        Row is: 5808, 90513, Zirndorf
\&        Row is: 5715, 90513, Zirndorf
\&        ... and so on
\&        ========================================
\&        search_area
\&        ========================================
\&        Row is: 101, Bronnamberg
\&        Row is: 400, Pfarramt Zirndorf
\&        Row is: 400, Pfarramt Rosstal
\&        Row is: 400, Pfarramt Oberasbach
\&        Row is: 401, Pfarramt Zirndorf
\&        Row is: 401, Pfarramt Rosstal
\&        ========================================
\&        statistic_area
\&        ========================================
\&        DBD::Proxy::st execute failed: Server returned error: Failed to execute method CallMethod: Unknown SQL query: statistic_area at E:/Perl/site/lib/DBI/ProxyServer.pm line 258.
\&        Could not execute
.Ve
.SS "How the configuration works"
.IX Subsection "How the configuration works"
The most important section to control access to your dbi-proxy is \*(L"client=>\*(R"
in the file \*(L"proxy_oracle.cfg\*(R":
.PP
Controlling which person at which machine is allowed to access
.IP "\(bu" 4
\&\*(L"mask\*(R" is a perl regular expression against the plain ip-address of the machine which wishes to connect _or_ the reverse-lookup from a nameserver.
.IP "\(bu" 4
\&\*(L"accept\*(R" tells the dbiproxy-server whether ip-adresse like in \*(L"mask\*(R" are allowed to connect or not (0/1)
.IP "\(bu" 4
\&\*(L"users\*(R" is a reference to a list of usernames which must be matched, this is \s-1NOT\s0 a regular expression.
.PP
Controlling which SQL-statements are allowed
.PP
You can put every SQL-statement you like in simply omitting \*(L"sql => ...\*(R", but the more important thing is to restrict the connection so that only allowed queries are possible.
.PP
If you include an sql-section in your config-file like this:
.PP
.Vb 4
\&        sql => {
\&                alive => \*(Aqselect count(*) from dual\*(Aq,
\&                statistic_area => \*(Aqselect count(*) from e01admin.e01e203 where geb_bezei like ?\*(Aq,
\&        }
.Ve
.PP
The user is allowed to put two queries against the dbi-proxy. The queries are _not_ \*(L"select count(*)...\*(R", the queries are \*(L"alive\*(R" and \*(L"statistic_area\*(R"! These keywords are replaced by the real query. So you can run a query for \*(L"alive\*(R":
.PP
.Vb 3
\&        my $sql = "alive";
\&        my $cur = $dbh\->prepare($sql);
\&        ...
.Ve
.PP
The flexibility is that you can put parameters in the where-part of the query so the query are not static. Simply replace a value in the where-part of the query through a question mark and bind it as a parameter to the query.
.PP
.Vb 5
\&        my $sql = "statistic_area";
\&        my $cur = $dbh\->prepare($sql);
\&        $cur\->bind_param(1,\*(Aq905%\*(Aq);
\&        # A second parameter would be called like this:
\&        # $cur\->bind_param(2,\*(Aq98%\*(Aq);
.Ve
.PP
The result is this query:
.PP
.Vb 2
\&        select count(*) from e01admin.e01e203 
\&        where geb_bezei like \*(Aq905%\*(Aq
.Ve
.PP
Don't try to put parameters into the sql-query like this:
.PP
.Vb 7
\&        # Does not work like you think.
\&        # Only the first word of the query is parsed,
\&        # so it\*(Aqs changed to "statistic_area", the rest is omitted.
\&        # You _have_ to work with $cur\->bind_param.
\&        my $sql = "statistic_area 905%";
\&        my $cur = $dbh\->prepare($sql);
\&        ...
.Ve
.SS "Problems"
.IX Subsection "Problems"
.IP "\(bu" 4
I don't know how to restrict users to special databases.
.IP "\(bu" 4
I don't know how to pass query-parameters via dbish
.SH "SECURITY WARNING"
.IX Header "SECURITY WARNING"
RPC::PlServer used underneath is not secure due to serializing and
deserializing data with Storable module. Use the proxy driver only in
trusted environment.
.SH "AUTHOR"
.IX Header "AUTHOR"
.Vb 4
\&    Copyright (c) 1997    Jochen Wiedmann
\&                          Am Eisteich 9
\&                          72555 Metzingen
\&                          Germany
\&
\&                          Email: joe@ispsoft.de
\&                          Phone: +49 7123 14881
.Ve
.PP
The DBI::ProxyServer module is free software; you can redistribute it
and/or modify it under the same terms as Perl itself. In particular
permission is granted to Tim Bunce for distributing this as a part of
the \s-1DBI.\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
dbiproxy, DBD::Proxy, \s-1DBI\s0, RPC::PlServer,
RPC::PlClient, Net::Daemon, Net::Daemon::Log,
Sys::Syslog, Win32::EventLog, syslog

Youez - 2016 - github.com/yon3zu
LinuXploit