Wednesday, April 1, 2009

FAQs – March 2009

Server-Side Alias on Linux

A server-side alias is a mechanism for allowing access to data through the Advantage server without creating a network share. The aliases are stored in a file named adserver.ini which must be stored in the error log path (default /var/log/advantage). This path is specified in the Error and Assert Log Path setting in the ads.conf file.

Using server-side aliases is Aliases are specified under the ServerAliases heading. The syntax is <name>=<path> see the example below:

[ServerAliases]
MyApp=/usr/local/myapp
Medical=/usr/local/medapp

The Advantage server caches the contents of the adsserver.ini file for performance reasons but this cache is updated when the file is changed.

Dictionary Passwords

To ensure the security of user passwords Advantage uses a certificate mechanism for authentication. A certificate is generated by the client based on the user entered password. The server verifies this certificate based on the password stored in the dictionary. If the information is correct the server generates a certificate which is passed back to the client. Once the client verifies the authenticity of the certificate the authentication process is completed. The password is never sent across the network in an unencrypted form.

The user password is encrypted with a one-way hash and stored in the data dictionary. With one-way hash, we can only verify the correctness of the supplied password but we do not have the password in clear text except the one supplied by the users.

Clipper Clients with Exclusive Proprietary Locking

With version 9.1 of Advantage Database Server our proprietary locking has changed slightly. This new implementation does not work with Clipper based applications. The first Clipper application will successfully connect to Advantage and be able to open and manipulate tables. However, other users will not be able to use the tables and other instances of the application will fail.

Clipper implements rights checking by trying to physically open the file which succeeds on the first attempt but fails on the second attempt thus causing the error. Advantage 32-bit clients check the rights to the file through the operating system. With non-exclusive proprietary locking the file was able to be opened read-only so no error was returned.

There are two solutions to this issue you can turn off rights checking or revert to using non-exclusive proprietary locking. I recommend that you turn off rights checking using the following command ax_rightschecking(.f.). This way the application will not attempt to open the file directly and will use Advantage to open the tables.

To use non-exclusive proprietary locking you must set the NONEXCLUSIVE-PROPRIETARY-LOCKING property to 1. For details on setting this property on the various Advantage servers refer to the help file.

ADS Backup Utility Options

Advantage ships with a command line backup utility program that can be used to create backups and restore databases. This tool has many options for customizing the behavior of the backup. Three new options have been added in version 9.

  • Specify a table type map (-w)
  • Don’t create the output table if no errors are logged (-x)
  • Specify a username (-y)

When backing up a directory of free tables that contains more than one table type you had to perform a backup for each table type. With 9.x you can specify multiple table types to ensure that all tables are backed up with one pass.

In version 8.x the utility always saved the results of the backup to a file even if no errors were reported. By specifying the –w option the results will only be saved when warnings or errors are logged during the backup.

Version 9 also introduced database roles which include a DB:Backup group. Members of this group have permission to backup the database in addition to the administrative user (adssys). You can specify the username for a user in the DB:Backup group using –y, specify the password using –p.

No comments: