firebird icon indicating copy to clipboard operation
firebird copied to clipboard
verified publisher icon FirebirdSQL

Provide ability to calculate number of active attachments efficiently, without MON$ queries or parsing lock-print output [CORE5164]

Open firebird-automations opened this issue 9 years ago • 8 comments

Submitted by: @pavel-zotov

It will be extremely useful for lot of testing purpoces (and not only for them) to get number of current sessions. After discuss with dimitr following syntax seems to be appropriate for this:

select RDB$GET_CONTEXT('SYSTEM', 'SESSION_COUNT') from rdb$database;

PS. Please, add this ability not only in 4.0 but also in 2.5 and 3.0.

firebird-automations avatar Mar 23 '16 12:03 firebird-automations

Modified by: @dyemanov

assignee: Dmitry Yemanov [ dimitr ]

firebird-automations avatar Mar 27 '16 11:03 firebird-automations

Modified by: @dyemanov

summary: Provide ability for fast receive number of current attachments, WITHOUT querying monitoring or call fb_lock_print and parsing its output => Provide ability to calculate number of active attachments efficiently, without MON$ queries or parsing lock-print output

Version: 4.0 Initial [ 10621 ] =>

firebird-automations avatar Mar 27 '16 11:03 firebird-automations

What should happen if the session count is requested by non-locksmith user? Still returning a valid count may be considered a security risk. Return number of attachments belonging to the current user? Throw a permission error?

dyemanov avatar Sep 16 '22 17:09 dyemanov

Such ability exists since IB times, but requires use of services: ./fbsvcmgr localhost:service_mgr user sysdba password masterkey info_svr_db_info Databases: Number of attachments: 1 Number of databases: 1 Database in use: /usr/home/firebird/HEAD/gen/Debug/firebird/examples/empbuild/employee.fdb But it reports total attachments count, not per-database information. Agree - from security POV that appears at least suspicious, and yes, we should no add new security problems.

I suggest to limit use of this new feature to locksmith. What system privilege do we plan to use? More or less OK are MONITOR_ANY_ATTACHMENT / TRACE_ANY_ATTACHMENT. Or may be new one?

AlexPeshkoff avatar Sep 20 '22 10:09 AlexPeshkoff

Solution using services does not work for Classic ;-) As for the expected privilege, I'd suggest either MONITOR_ANY_ATTACHMENT or some new privilege.

And one more question - should we return count of all attachments, including system ones? It would be consistent with MON$ tables, but I'm afraid this may be not really expected by users. If you get for example "3" as result and you know you're already connected yourself, does it mean there are other 2 connections or you're the only one connected and the rest are system attachments? You cannot know that from SESSION_COUNT alone. So perhaps only user sessions should be counted there.

dyemanov avatar Sep 20 '22 11:09 dyemanov

May be new one? SESSION_COUNT is definitely less dangerous info than MONITOR_ANY_ATTACHMENT.

In SESSION_COUNT we certainly should return count w/o system attachments. But who says we can't also have TOTAL_ATTACHMENTS context?

AlexPeshkoff avatar Sep 20 '22 12:09 AlexPeshkoff

USER_SESSION_COUNT / TOTAL_SESSION_COUNT ? And COUNT_ATTACHMENTS system privilege?

dyemanov avatar Sep 20 '22 12:09 dyemanov

Something like this... Though system attachments are hardly sessions.

AlexPeshkoff avatar Sep 20 '22 12:09 AlexPeshkoff