Contents Index Restricted syntax Initialization utility

SQL Anywhere Studio Security Guide
  Restricted Syntax

Database engine/server


This page describes operation of Adaptive Server Anywhere in a manner equivalent to a C2-security-certified configuration. It does not provide general-purpose information on the topic.

Syntax 1 

dbeng9 -sc -gd dba -gk dba -gl dba -gu dba -x namedpipes(TDS=NO)
optional-engine-or-server-switches ]
db-file [ optional-database-switches ] ] ...

Syntax 2 

dbsrv9 -sc -gd dba -gk dba -gl dba -gu dba -x namedpipes(TDS=NO)
optional-engine-or-server-switches ]
db-file [ optional-database-switches ] ] ...

Required switches: 
Switch Description Reason
-sc Set up C2 Certified communication links. Disallows shared memory connections.
-gd dba Set starting database permission to DBA. Non-DBA users could start their own database, connect as DBA, and then execute the UNLOAD or DROP DATABASE statements, or stop the engine or server.
-gk dba Set stopping database engine or server permission to DBA. Non-DBA users could stop the database engine or server, causing denial-of-service.
-gl dba Set LOAD/UNLOAD permission to DBA. A non-DBA user could use the UNLOAD command to write to the file system with the permissions of the sybase user.
-gu dba Set utility commands permission to DBA. Non-DBA users could use the DROP DATABASE statement to delete database files owned by the sybase user.
-x namedpipes(TDS=NO) Starts the named pipes port and disallows TDS connections. The named pipes port is the only communications mechanism supported in the certified configuration; the TDS protocol is not included in the certified configuration.
Optional engine or server switches: 
Switch Description Restrictions
-a logfile Apply named transaction log file. Used only in recovery.
-b Run in bulk operations mode.
-c size Make initial cache a maximum of size bytes.
-ca 0 Disable automatic cache growth to compensate for memory allocation.
-ch size Set maximum cache size of size bytes.
-cl size Set minimum cache size of size bytes.
-cs Display cache sizing statistics.
-ct Perform client-engine or server character translation.
-d Disable asynchronous I/O.
-e Encrypt communications messages.
-f Force database to start without transaction log. Used only in recovery. Note that auditing is unavailable if the engine or server is started with this switch.
-ga Automatically shutdown after last database closed.
-gc num Set checkpoint timeout period to num minutes.
-ge size Set external DLL thread stack size.
-gf Disable firing of triggers.
-gm num Allow maximum num connections, if possible.
-gn num Use num engine or server threads.
-gp size Set maximum page size of size bytes.
-gr num Set maximum recovery time to num minutes.
-gt num Allow num OS threads to run concurrently.
-gw num Background process every num milliseconds. Default 500 milliseconds.
-gx num Use num OS threads.
-m Truncate transaction log after checkpoint. Note that this also truncates the audit log after checkpoint.
-n name Name the database engine or server.
-o file Filename for copy of message window.
-os size Maximum size for the file specified by -o.
-p size Set maximum communication packet size.
-q Quiet mode—suppress output.
-r Read-only mode—database modifications not allowed.
-ti min Client idle time before disconnect. Default 240 minutes.
-tl sec Client liveness timeout in seconds. Has no effect in certified configuration.
-tq time Set quitting time.
-u Use buffered disk I/O.
-v Display product version information.
-z Display debugging information.
-zo file Redirect request logging information to file.
-zr level Set request logging level. Level may be ALL, SQL, or NONE.
-zs size Maximum size for file specified by -zo.

db-file is a fully-qualified database file or write file name. All files must reside in your C2 database folder.


Contents Index Restricted syntax Initialization utility