The forum will experience an outage sometime between February 10 at 7:00pm EST and February 12 at 11:59 EST for installation of security updates. The actual time and duration of the outage are unknown but attempts will be made to minimize the downtime. We apologize for any inconvenience.

I have seen the thread about how you can get in full control of your db server (Sample code: How to get full control over a SQL Anywhere server). My question is a little different, as I don't want to refuse any new connection to the database but only remote ones. So local connections should be still allowed, so that all your administrative tools still work on the server.

asked 24 Feb '10, 09:13

Martin's gravatar image

Martin
8.6k114149237
accept rate: 14%


Breck has given you the easy answer - use dbengX instead of dbsrvX - but you if want to continue to use the network server (and get full use of all CPUs), then you can start the server with:

dbsrvX -x tcpip{localonly=yes} ...other-switches-and-options...

If you just want to temporarily disallow network connections, then you can start your server normally and create a login procedure that checks the CommLink connection parameter.

Example:

SET OPTION public.disallow_non_local_connections = 'NO';

CREATE PROCEDURE DBA.login_check( )
BEGIN
      DECLARE INVALID_LOGON EXCEPTION FOR SQLSTATE '28000';
      // check if non-local connections are allowed
      IF CONNECTION_PROPERTY( 'CommLink' ) != 'local'
         AND ( select setting 
                 from sysoption 
                where "option" = 'disallow_non_local_connections' ) = 'YES'
      THEN
          SIGNAL INVALID_LOGON;
      ELSE
          CALL sp_login_environment;
      END IF;
END;

GRANT EXECUTE ON DBA.login_check TO PUBLIC;

SET OPTION public.login_procedure='DBA.login_check';

Then to disallow non-local connections temporarily, execute:

SET OPTION public.disallow_non_local_connections = 'YES';

And to re-enable non-local connecitons, execute:

SET OPTION public.disallow_non_local_connections = 'NO';
permanent link

answered 24 Feb '10, 13:38

Mark%20Culp's gravatar image

Mark Culp
22.3k9129262
accept rate: 40%

Ah, the usage of user-defined options - something to remember now and then:)

(24 Feb '10, 15:06) Volker Barth

Nice! Me likey!

(24 Feb '10, 22:06) Calvin Allen

Thanks Mark, the solution for the temporary case was what I am looking for.

(26 Feb '10, 11:15) Martin

The easy way is to stop dbsrv*.exe, start dbeng*.exe which doesn't allow network connections.

Alas, the personal server is also limited to using one CPU. For all the differences see http://dcx.sybase.com/1101en/dbadmin_en11/introductionrunning.html

Or... did you mean WAN-versus-LAN?

I gave you a "network-versus-same-machine-connection" answer.

permanent link

answered 24 Feb '10, 09:50

Breck%20Carter's gravatar image

Breck Carter
26.6k418575824
accept rate: 21%

AFAIK, there's a third possibility besides dbengX and dbsrvX -x TCPIP{localonly=yes}:

You can restrict TCP/IP connections altogether by dbsrvX -x none.

That enables only shared memory connections and won't even enable local TDS connections (as those require TCP/IP, e.g. jConnect). Take care as this may not support all variants of connections between local clients and services/terminal services, cf. the docs.

permanent link

answered 05 Jul '11, 08:58

Volker%20Barth's gravatar image

Volker Barth
29.3k287438644
accept rate: 32%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×6

question asked: 24 Feb '10, 09:13

question was seen: 1,472 times

last updated: 05 Jul '11, 08:58