SQL Anywhere Studio Security Guide
Restricted Syntax
This page describes operation of Adaptive Server Anywhere in a manner equivalent to a C2-security-certified configuration. It does not provide general-purpose information on the topic.
dbeng9 -sc -gd dba -gk dba -gl dba -gu dba -x namedpipes(TDS=NO)
[ optional-engine-or-server-switches ]
[ db-file [ optional-database-switches ] ] ...

dbsrv9 -sc -gd dba -gk dba -gl dba -gu dba -x namedpipes(TDS=NO)
[ optional-engine-or-server-switches ]
[ db-file [ optional-database-switches ] ] ...

| Switch | Description | Reason |
|---|---|---|
| -sc | Set up C2 Certified communication links. | Disallows shared memory connections. |
| -gd dba | Set starting database permission to DBA. | Non-DBA users could start their own database, connect as DBA, and then execute the UNLOAD or DROP DATABASE statements, or stop the engine or server. |
| -gk dba | Set stopping database engine or server permission to DBA. | Non-DBA users could stop the database engine or server, causing denial-of-service. |
| -gl dba | Set LOAD/UNLOAD permission to DBA. | A non-DBA user could use the UNLOAD command to write to the file system with the permissions of the sybase user. |
| -gu dba | Set utility commands permission to DBA. | Non-DBA users could use the DROP DATABASE statement to delete database files owned by the sybase user. |
| -x namedpipes(TDS=NO) | Starts the named pipes port and disallows TDS connections. | The named pipes port is the only communications mechanism supported in the certified configuration; the TDS protocol is not included in the certified configuration. |

| Switch | Description | Restrictions |
|---|---|---|
| -a logfile | Apply named transaction log file. | Used only in recovery. |
| -b | Run in bulk operations mode. | |
| -c size | Make initial cache a maximum of size bytes. | |
| -ca 0 | Disable automatic cache growth to compensate for memory allocation. | |
| -ch size | Set maximum cache size of size bytes. | |
| -cl size | Set minimum cache size of size bytes. | |
| -cs | Display cache sizing statistics. | |
| -ct | Perform client-engine or server character translation. | |
| -d | Disable asynchronous I/O. | |
| -e | Encrypt communications messages. | |
| -f | Force database to start without transaction log. | Used only in recovery. Note that auditing is unavailable if the engine or server is started with this switch. |
| -ga | Automatically shut down after last database closed. | |
| -gc num | Set checkpoint timeout period to num minutes. | |
| -ge size | Set external DLL thread stack size. | |
| -gf | Disable firing of triggers. | |
| -gm num | Allow maximum num connections, if possible. | |
| -gn num | Use num engine or server threads. | |
| -gp size | Set maximum page size of size bytes. | |
| -gr num | Set maximum recovery time to num minutes. | |
| -gt num | Allow num OS threads to run concurrently. | |
| -gw num | Background process every num milliseconds. Default 500 milliseconds. | |
| -gx num | Use num OS threads. | |
| -m | Truncate transaction log after checkpoint. | Note that this also truncates the audit log after checkpoint. |
| -n name | Name the database engine or server. | |
| -o file | Filename for copy of message window. | |
| -os size | Maximum size for the file specified by -o. | |
| -p size | Set maximum communication packet size. | |
| -q | Quiet mode—suppress output. | |
| -r | Read-only mode—database modifications not allowed. | |
| -ti min | Client idle time before disconnect. Default 240 minutes. | |
| -tl sec | Client liveness timeout in seconds. | Has no effect in certified configuration. |
| -tq time | Set quitting time. | |
| -u | Use buffered disk I/O. | |
| -v | Display product version information. | |
| -z | Display debugging information. | |
| -zo file | Redirect request logging information to file. | |
| -zr level | Set request logging level. Level may be ALL, SQL, or NONE. | |
| -zs size | Maximum size for file specified by -zo. | |

db-file is a fully-qualified database file or write file name. All files must reside in your C2 database folder.
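The check below is an added example, not part of the original guide or of SQL Anywhere: it audits a `dbeng9`/`dbsrv9` command line against the required switches in the first table and reports the two optional switches whose Restrictions column mentions auditing (`-f`, `-m`). The function name, the sample server name and the sample paths are assumptions, as is comparing switch values case-insensitively.

```python
import shlex

# Required switches and their values, as given in the page's first table.
REQUIRED = {"-sc": None, "-gd": "dba", "-gk": "dba", "-gl": "dba",
            "-gu": "dba", "-x": "namedpipes(TDS=NO)"}
# Optional switches whose Restrictions column mentions an effect on auditing.
AUDIT_IMPACT = {"-f": "auditing is unavailable when started with -f",
                "-m": "-m also truncates the audit log after checkpoint"}

def audit_command_line(cmdline):
    """Return findings for a dbeng9/dbsrv9 command line; [] means no deviation found."""
    # posix=False keeps Windows backslashes in paths intact.
    tokens = shlex.split(cmdline, posix=False)
    if not tokens:
        return ["empty command line"]
    findings = []
    exe = tokens[0].strip('"').replace("\\", "/").rsplit("/", 1)[-1].lower()
    if exe.endswith(".exe"):
        exe = exe[:-4]
    if exe not in ("dbeng9", "dbsrv9"):
        findings.append(f"unexpected executable: {tokens[0]}")
    seen = {}
    for i, tok in enumerate(tokens[1:], start=1):
        if tok in REQUIRED:
            # Record the token that follows; it is ignored for -sc, which takes no value.
            value = tokens[i + 1] if i + 1 < len(tokens) else ""
            seen.setdefault(tok, []).append(value)
        elif tok in AUDIT_IMPACT:
            findings.append(f"{tok}: {AUDIT_IMPACT[tok]}")
    for switch, want in REQUIRED.items():
        if switch not in seen:
            findings.append(f"missing required switch {switch}")
        elif want is not None:
            # Assumption: switch values are compared case-insensitively.
            for got in seen[switch]:
                if got.lower() != want.lower():
                    findings.append(f"{switch} must be {want}, got {got or 'nothing'}")
    return findings

# Constructed sample command lines (server name and paths are made up).
GOOD = r"dbsrv9 -sc -gd dba -gk dba -gl dba -gu dba -x namedpipes(TDS=NO) -n c2srv C:\c2db\sales.db"
BAD = r"dbeng9 -gd all -gk dba -gl dba -gu dba -x tcpip -f C:\c2db\sales.db"

if __name__ == "__main__":
    for line in (GOOD, BAD):
        print(line)
        for finding in audit_command_line(line) or ["no deviation found"]:
            print("   ", finding)
```

The check does not verify that database files reside in the C2 database folder, and it scans every token, so `-f` or `-m` is reported wherever it appears on the line.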