Discussion:
Creating the SYB_BACKUP server with password
unknown
2007-09-17 15:54:48 UTC
How do we password protect our backup server for ASE15.0.2?

Our security team was able to scan the port for which the
backup server is listening.

I was able to isql -Usa -SSYB_BACK with sa's password being
null, but I could not do anything else.

My security team says we have to assign a password for the
backup server because the port is wide open.

Is this different from the sa user on the ASE which we do
have a password assigned?
Cory
2007-09-17 16:47:54 UTC
I'm another customer...
The best thing that we have done is to password protect the dump files with
"passwd='your password here'". That would prevent anyone from reading the files
available to this backupserver.


I do not know that it is possible to password protect the open port.

Cory

On 17 Sep 2007 08:54:48 -0700,
in sybase.public.ase.backup+recovery
Post by unknown
How do we password protect our backup server for ASE15.0.2?
Our security team was able to scan the port for which the
backup server is listening.
I was able to isql -Usa -SSYB_BACK with sa's password being
null, but I could not do anything else.
My security team says we have to assign a password for the
backup server because the port is wide open.
Is this different from the sa user on the ASE which we do
have a password assigned?
SybaseNeal
2007-09-17 19:35:29 UTC
Hello,

Backup Server does not do user authentication. It does not
have a command line interface. You would have to write a
client application that uses proprietary APIs and RPCs to
make the Backup Server do anything.

I could not find any existing feature requests so if this
is an important requirement for your company, I would recommend
logging a case with Sybase Technical Support.

There are some things you can do to minimize access to it.
For example:
- Do not provide access to the machine where ASE is running.
- Boot the backup server with the localhost address (127.0.0.1)
so that only servers running on that box can connect to it.
- Password protect the dump files.

That way only users with SA or operator role in that ASE will be
able to use the backupserver. Of course, this will disable any
remote dump capabilities.

Thanks,
Neal
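
An added example, not part of the thread or of any Sybase tooling: a small audit of an interfaces file that reports which server entries listen on a non-loopback address, so the 127.0.0.1 binding suggested above can be verified. It assumes the Unix `master tcp ether <host> <port>` layout; the server names, host names and ports in the sample are constructed. It reports every entry, ASE included, so read the result for the Backup Server entries.

```python
import ipaddress

# Constructed sample interfaces file (names, hosts and ports are made up).
SAMPLE_INTERFACES = """\
SYB_ASE
\tmaster tcp ether dbhost1 5000
\tquery tcp ether dbhost1 5000

SYB_BACKUP
\tmaster tcp ether dbhost1 5001
\tquery tcp ether dbhost1 5001

SYB_BACKUP_LOCAL
\tmaster tcp ether 127.0.0.1 5002
\tquery tcp ether 127.0.0.1 5002
"""

def is_loopback(host):
    """True for 'localhost' or a literal loopback IP; other names count as exposed."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a host name we cannot prove resolves to loopback

def parse_listeners(text):
    """Return {server: [(host, port), ...]} built from the 'master' (listener) lines."""
    listeners, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # skip blank lines and comments
        if not raw[0].isspace():          # an unindented line starts a server entry
            current = raw.split()[0]
            listeners[current] = []
            continue
        fields = raw.split()
        # Assumption: only the 'master tcp ether <host> <port>' form is handled.
        if current and len(fields) == 5 and fields[:3] == ["master", "tcp", "ether"]:
            listeners[current].append((fields[3], int(fields[4])))
    return listeners

def exposed_servers(text):
    """Names of servers with at least one listener not bound to loopback."""
    return sorted(name for name, addrs in parse_listeners(text).items()
                  if any(not is_loopback(host) for host, _ in addrs))

if __name__ == "__main__":
    for name in exposed_servers(SAMPLE_INTERFACES):
        print(f"{name}: listens on a non-loopback address")
```
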
Rob Verschoor
2007-09-19 10:50:49 UTC
I'm not sure I see the problem. ASE has its ports just as wide open as
Backup Server does. It's just that ASE uses an authentication protocol with
a password whereas Backup Server can only be accessed through ASE (ASE makes
RPC calls to Backup Server).

HTH,

Rob V.
-------------------------------------------------------------
Rob Verschoor

Certified Sybase Professional DBA for ASE 12.5/12.0/11.5/11.0
and Replication Server 12.5 / TeamSybase

Author of Sybase books (order online at www.sypron.nl/shop):
"Tips, Tricks & Recipes for Sybase ASE" (ASE 15 edition)
"The Complete Sybase ASE Quick Reference Guide"
"The Complete Sybase Replication Server Quick Reference Guide"

mailto:***@YOUR.SPAM.sypron.nl.NOT.FOR.ME
http://www.sypron.nl
Sypron B.V., P.O.Box 10695, 2501HR Den Haag, The Netherlands
-------------------------------------------------------------
Post by unknown
How do we password protect our backup server for ASE15.0.2?
Our security team was able to scan the port for which the
backup server is listening.
I was able to isql -Usa -SSYB_BACK with sa's password being
null, but I could not do anything else.
My security team says we have to assign a password for the
backup server because the port is wide open.
Is this different from the sa user on the ASE which we do
have a password assigned?