Files not in SQLitening 'root'

Started by Joe Byrne, November 24, 2014, 11:56:14 PM


Joe Byrne

Is there a technical reason why files (databases) can't be created outside the SQLitening remote folder?


I really need to set up separate paths for different customers on my server. I can control the access control of these locations through the standard server tools. Looking over the SQLitening Server source code, it "appears" that I could simply remove the test for colon, dot-dot, and slash-dot and things should work fine, but I'd like to know if there are any unforeseen issues with this.


Yes, I know I can create these databases below the current SQLitening folder, but I'd much rather place them on a dedicated drive other than where SQLitening exists.

cj

November 28, 2014, 11:00:38 AM #1 Last Edit: November 28, 2014, 02:53:01 PM by cj
#INCLUDE "sqlitening.inc"
FUNCTION PBMAIN AS LONG
  LOCAL sdata AS STRING
  slconnect "127.0.0.1",51234
  slgetfile "c:\windows\hh.exe",sdata,"E0" 'handle our own error
  IF LEN(sdata) THEN
     ? "Security breach",,FORMAT$(LEN(sdata),"#,") + " bytes"
  ELSE
     ? slGetError
  END IF
END FUNCTION

I liked your idea so much that I've moved databases to another drive.
IF %AllowOtherDrive THEN
    rsDataIn = LEFT$(rsDataIn,10) + $dbDrive + MID$(rsDataIn,11)  'insert allowed drive before file name
END IF

If you are not using slGetFile or slPutFile, you might consider locking them out, or adding some lines to allow only some of them.


FUNCTION GetAndPutFile(rsFileName AS STRING, _
                       bsFileData AS STRING, _
                       BYVAL rlGetOrPut AS LONG, _
                       BYVAL rlModFlags AS LONG, _
                       BYVAL rlTcpFileNumber AS LONG) AS LONG

  IF %AllowGetAndPutFile = 0 THEN
    FUNCTION = %SQLitening_FileOpenGetPutError
    EXIT FUNCTION
  END IF

  IF %AllowOtherDrive THEN
    IF UCASE$(LEFT$(rsFileName$,2)) <> UCASE$(LEFT$($dbDrive,2)) THEN  'must be on $dbDrive
      FUNCTION = %SQLitening_FileOpenGetPutError
      EXIT FUNCTION
    END IF
  END IF

cj

I've been doing it since you brought up the subject.
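
An added example, not part of the thread and not SQLitening code: a Python sketch of confining each customer to its own folder on a dedicated drive, shown next to the two-character drive comparison posted above. The `CUSTOMER_ROOTS` layout, the customer names and both function names are assumptions made for illustration; `ntpath` applies Windows path rules as plain string handling.

```python
import ntpath  # Windows path rules as pure string handling, so this runs on any OS

# Constructed layout (assumption): one data root per customer on a dedicated drive.
CUSTOMER_ROOTS = {
    "acme": r"D:\SQLData\acme",
    "globex": r"D:\SQLData\globex",
}


def drive_prefix_check(path, db_drive="D:"):
    """The two-character drive comparison shown in the thread, for contrast."""
    return path[:2].upper() == db_drive[:2].upper()


def resolve_for_customer(customer, requested):
    """Return the normalized path if it stays inside the customer's root, else None."""
    root = CUSTOMER_ROOTS.get(customer)
    if root is None or not requested or "\x00" in requested:
        return None
    requested = requested.replace("/", "\\")
    drive, tail = ntpath.splitdrive(requested)
    if ":" in tail:
        return None  # NTFS alternate data stream syntax, e.g. "a.db3:stream"
    if drive:
        # Refuse UNC/device names and drive-relative names such as "D:a.db3".
        if drive.startswith("\\\\") or not tail.startswith("\\"):
            return None
        candidate = requested
    elif tail.startswith("\\"):
        return None  # rooted on whatever the server's current drive is
    else:
        candidate = ntpath.join(root, requested)
    # normpath collapses "." and ".." lexically; it does not resolve junctions
    # or symlinks, so a real server would also check the opened file's final path.
    candidate = ntpath.normpath(candidate)
    root_cmp = ntpath.normpath(root).lower()
    cand_cmp = candidate.lower()
    # Compare on a path-separator boundary so "acme2" is not taken for "acme".
    if not cand_cmp.startswith(root_cmp + "\\"):
        return None
    return candidate


if __name__ == "__main__":
    for name in ("orders.db3", r"..\globex\orders.db3",
                 r"D:\SQLData\globex\orders.db3", r"c:\windows\hh.exe"):
        print(f"{name!r:36} prefix={drive_prefix_check(name)!s:5} "
              f"confined={resolve_for_customer('acme', name)}")
```

A path on the right drive but in another customer's folder passes the drive comparison and is refused by the per-root check, which is the case that matters when several customers share one data drive.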