Re: Sybase Proxy for FireWall-1 ?

[ark () eltex ru]

-----BEGIN PGP SIGNED MESSAGE-----

nuqneH,

"Ryan Russell" <Ryan.Russell () sybase com> said :
 
> I've seen two claims to app-level proxies for the TDS protocol.  Neither source
> provided me
> with any info when I requested it.

You did not request any info from me ;)
I will send you my source today. It is a bit ugly and based on reverse 
engineering but it is definitely better than Gauntlet one which is
pretty dumb.

>  If memory serves, one of them was included
> (or available?)
> with Gauntlet.  Another couple of guys on the FreeTDS group are looking at doing
> something
> along those lines.  None of the ones I've heard of specifically claim to be able
> to make things
> read-only.  If you outlaw stored procs, and have the source for the TDS proxy,
> you could
> probably just limit it to select statements.  If you need stored procs, there
> won't be any good
> way for a proxy to know if the stored proc does updates or not.
>
> > In my understanding, Sybase keeps it's protocol specs proprietary which makes
> it probably hard for a firewall vendor to do a good job.
>
> We're about to release the specs, and open-source OpenClient.   Real Soon Now.
> Seriously, we are... I think our legal department is just taking their time.

Hmm, could you just tell me some things i need to implement that?


                                     _     _  _  _  _      _  _
 {::} {::} {::}  CU in Hell          _| o |_ | | _|| |   / _||_|   |_ |_ |_
 (##) (##) (##)        /Arkan#iD    |_  o  _||_| _||_| /   _|  | o |_||_||_|
 [||] [||] [||]            Do i believe in Bible? Hell,man,i've seen one!

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBN0Ji7aH/mIJW9LeBAQHipAP/aehjvP+A8s2Jjy6edaGoZ0A/AvsFUXEu
2tLVHgGx3pTlbFN3JjGjNR+7sMCZeFuDOJgSqiuAEzB+pRFV6v5vEXU+kAe3qZXC
IWONNX/J7xIqQ0PlbRH0fD55z3/HfMMnqcQdpG6+B4EGlX8+ajnH2+5oex/gtkqT
yPp3gmRm48k=
=cfPO
-----END PGP SIGNATURE-----