SQL Anywhere Studio Security Guide
Restricted Syntax
This page describes operation of Adaptive Server Anywhere in a manner equivalent to a C2-security-certified configuration. It does not provide general-purpose information on the topic.
dbeng9 -sc -gd dba -gk dba -gl dba -gu dba -x namedpipes(TDS=NO)
[ optional-engine-or-server-switches ]
[ db-file [ optional-database-switches ] ] ...
dbsrv9 -sc -gd dba -gk dba -gl dba -gu dba -x namedpipes(TDS=NO)
[ optional-engine-or-server-switches ]
[ db-file [ optional-database-switches ] ] ...
Switch | Description | Reason |
---|---|---|
-sc | Set up C2 Certified communication links. | Disallows shared memory connections. |
-gd dba | Set starting database permission to DBA. | Non-DBA users could start their own database, connect as DBA, and then execute the UNLOAD or DROP DATABASE statements, or stop the engine or server. |
-gk dba | Set stopping database engine or server permission to DBA. | Non-DBA users could stop the database engine or server, causing denial-of-service. |
-gl dba | Set LOAD/UNLOAD permission to DBA. | A non-DBA user could use the UNLOAD command to write to the file system with the permissions of the sybase user. |
-gu dba | Set utility commands permission to DBA. | Non-DBA users could use the DROP DATABASE statement to delete database files owned by the sybase user. |
-x namedpipes(TDS=NO) | Starts the named pipes port and disallows TDS connections. | The named pipes port is the only communications mechanism supported in the certified configuration; the TDS protocol is not included in the certified configuration. |
Switch | Description | Restrictions |
---|---|---|
-a logfile | Apply named transaction log file. | Used only in recovery. |
-b | Run in bulk operations mode. | |
-c size | Make initial cache a maximum of size bytes. | |
-ca 0 | Disable automatic cache growth to compensate for memory allocation. | |
-ch size | Set maximum cache size of size bytes. | |
-cl size | Set minimum cache size of size bytes. | |
-cs | Display cache sizing statistics. | |
-ct | Perform client-engine or server character translation. | |
-d | Disable asynchronous I/O. | |
-e | Encrypt communications messages. | |
-f | Force database to start without transaction log. | Used only in recovery. Note that auditing is unavailable if the engine or server is started with this switch. |
-ga | Automatically shutdown after last database closed. | |
-gc num | Set checkpoint timeout period to num minutes. | |
-ge size | Set external DLL thread stack size. | |
-gf | Disable firing of triggers. | |
-gm num | Allow maximum num connections, if possible. | |
-gn num | Use num engine or server threads. | |
-gp size | Set maximum page size of size bytes. | |
-gr num | Set maximum recovery time to num minutes. | |
-gt num | Allow num OS threads to run concurrently. | |
-gw num | Background process every num milliseconds. Default 500 milliseconds. | |
-gx num | Use num OS threads. | |
-m | Truncate transaction log after checkpoint. | Note that this also truncates the audit log after checkpoint. |
-n name | Name the database engine or server. | |
-o file | Filename for copy of message window. | |
-os size |
Maximum size for the file specified by -o .
|
|
-p size | Set maximum communication packet size. | |
-q | Quiet mode—suppress output. | |
-r | Read-only mode—database modifications not allowed. | |
-ti min | Client idle time before disconnect. Default 240 minutes. | |
-tl sec | Client liveness timeout in seconds. | Has no effect in certified configuration. |
-tq time | Set quitting time. | |
-u | Use buffered disk I/O. | |
-v | Display product version information. | |
-z | Display debugging information. | |
-zo file | Redirect request logging information to file. | |
-zr level | Set request logging level. Level may be ALL, SQL, or NONE. | |
-zs size |
Maximum size for file specified by -zo .
|
db-file is a fully-qualified database file or write file name. All files must reside in your C2 database folder.