2
<!--Copyright 1997-2002 by Sleepycat Software, Inc.-->
3
<!--All rights reserved.-->
4
<!--See the file LICENSE for redistribution information.-->
7
<title>Berkeley DB Reference Guide: Security</title>
8
<meta name="description" content="Berkeley DB: An embedded database programmatic toolkit.">
9
<meta name="keywords" content="embedded,database,programmatic,toolkit,b+tree,btree,hash,hashing,transaction,transactions,locking,logging,access method,access methods,java,C,C++">
12
<a name="2"><!--meow--></a>
13
<table width="100%"><tr valign=top>
14
<td><h3><dl><dt>Berkeley DB Reference Guide:<dd>Environment</dl></h3></td>
15
<td align=right><a href="../../ref/env/region.html"><img src="../../images/prev.gif" alt="Prev"></a><a href="../../reftoc.html"><img src="../../images/ref.gif" alt="Ref"></a><a href="../../ref/env/encrypt.html"><img src="../../images/next.gif" alt="Next"></a>
18
<h1 align=center>Security</h1>
19
<p>The following are security issues that should be considered when writing
20
Berkeley DB applications:
22
<p><dt>Database environment permissions<dd>The directory used as the Berkeley DB database environment should have its
23
permissions set to ensure that files in the environment are not accessible
24
to users without appropriate permissions. Applications that add to the
25
user's permissions (for example, UNIX setuid or setgid applications),
26
must be carefully checked to not permit illegal use of those permissions
27
such as general file access in the environment directory.
28
<p><dt>Environment variables<dd>Setting the <a href="../../api_c/env_open.html#DB_USE_ENVIRON">DB_USE_ENVIRON</a> and <a href="../../api_c/env_open.html#DB_USE_ENVIRON_ROOT">DB_USE_ENVIRON_ROOT</a> flags
29
and allowing the use of environment variables during file naming can be
30
dangerous. Setting those flags in Berkeley DB applications with additional
31
permissions (for example, UNIX setuid or setgid applications) could
32
potentially allow users to read and write databases to which they would
33
not normally have access.
34
<p><dt>File permissions<dd>By default, Berkeley DB always creates files readable and writable by the owner
35
and the group (that is, S_IRUSR, S_IWUSR, S_IRGRP and S_IWGRP; or octal mode
36
0660 on historic UNIX systems). The group ownership of created files is
37
based on the system and directory defaults, and is not further specified
39
<p><dt>Temporary backing files<dd>If an unnamed database is created and the cache is too small to hold
40
the database in memory, Berkeley DB will create a temporary physical file to
41
enable it to page the database to disk as needed. In this case,
42
environment variables such as <b>TMPDIR</b> may be used to specify
43
the location of that temporary file. Although temporary backing files
44
are created readable and writable by the owner only (S_IRUSR and
45
S_IWUSR, or octal mode 0600 on historic UNIX systems), some filesystems
46
may not sufficiently protect temporary files created in random
47
directories from improper access. To be absolutely safe, applications
48
storing sensitive data in unnamed databases should use the
49
<a href="../../api_c/env_set_tmp_dir.html">DB_ENV->set_tmp_dir</a> method to specify a temporary directory with
52
<table width="100%"><tr><td><br></td><td align=right><a href="../../ref/env/region.html"><img src="../../images/prev.gif" alt="Prev"></a><a href="../../reftoc.html"><img src="../../images/ref.gif" alt="Ref"></a><a href="../../ref/env/encrypt.html"><img src="../../images/next.gif" alt="Next"></a>
54
<p><font size=1><a href="http://www.sleepycat.com">Copyright Sleepycat Software</a></font>