Chapter 1. IDS essentials 31
second session. If during the waiting period, an attacker launches an attack in
a loop mode, a flood of attacks can be received on the connection.
To reduce the risk of denial of service attacks IDS provides multiple listener
threads (listen_authenticate) to handle connections and imposes limits on the
availability of the listener VP for incomplete connections. Two new
configuration parameters can be used to customize this feature:
LISTEN_TIMEOUT
Sets the incomplete connection time-out period (in seconds). This is the
number of seconds the server waits for the connection. The default value of
LISTEN_TIMEOUT parameter is 10.
MAX_INCOMPLETE_CONNECTION
You can restrict the number of incomplete requests for the connection using
MAX_INCOMPLETE_CONNECTION parameter. When the maximum value
is reached, an error message stating that server might be under Denial of
Service attack is written in the online message log file. The default value of
the MAX_INCOMPLETE_CONNECTION parameter is 1024.
1.3.3 Administration and usability
In this section, we provide a brief overview of the administration and usability
features of IDS V10.
Single User Mode
Single user is an intermediate mode between quiescent mode and online
mode. This is an administrator mode which only allows user informix to
connect and perform any required maintenance, including the task requiring
the execution of SQL and DDL statements. You can set this mode using the -j
flag of the oninit and the onmode commands. The oninit -j command brings
the server from offline to single user mode and onmode -j brings the server
from online to single user mode. The server makes an entry in the message
log file whenever it enters and exits the single user mode. Figure 1-9 shows
an example of using onmode command to set the single user mode.
Figure 1-9 The onmode -j example
32 Informix Dynamic Server V10 . . . Extended Functionality for Modern Business
Renaming Dbspaces
The need to rename the standard dbspaces might arise if you are
reorganizing the data in an existing dbspace. You can rename a previously
defined dbspace if you are user informix or have DBA privileges, and the
database server is in quiescent mode. The rename dbspace operation only
changes the dbspace name, it does not reorganize the data. It updates the
dbspace name in all the places where dbspace name is stored, such as
reserved pages on disk, system catalogs, the ONCONFIG file and in memory
data structures.You can also use onspaces command to rename the dbspace.
Here are some restrictions when using the rename dbspace feature:
– You cannot rename the critical spaces such as rootdbspace and space
containing physical logs and logical logs.
– You cannot rename a dbspace with down chunks.
– You cannot rename spaces with onmonitor command.
You must take a level 0 archive of the renamed space and root dbspace after
rename operation. Figure 1-10 shows the example of using onspaces
command to rename dbspace.
Figure 1-10 Renaming dbspace using the onspaces command
Ontape use of STDIO
If you are using ontape to backup and restore data, you can now use
standard I/O instead of a tape device or disk file. This feature enables
pipe-based remote backups/restores such as might be done in HDR or to a
UNIX utility such as CPIO, TAR, or COMPRESS or to disk with a specific
filename other than that used by L/TAPEDEV. You can set this by setting the
value of configuration parameter TAPEDEV to STDIO. Refer to 9.3.1, “Ontape
to STDIO” on page 274 for more detail.
Get Informix Dynamic Server V10 . . . Extended Functionality for Modern Business now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
