Examining the Informix Architecture

Before discussing how Informix can be compromised, let's look at the Informix architecture. Of all the well-known database servers, Informix has one of the simplest architectures — on a par with SQL Server but not as simple as MySQL.

Informix on the Network

An Informix database server is known as a server instance. A server instance is usually given the name OL_HOSTNAME, where HOSTNAME is the name of the host. The main Informix process that hosts the server instance, oninit, listens on TCP port 1526 by default for client connections. Interestingly, this port is also often used by Oracle, which can lead to confusion when examining the results of a TCP port scan. Over the network, Informix uses a proprietary protocol called Turbo. We'll look at this protocol in more depth in the next chapter.

Connecting to a Remote Informix Server

The dbaccess tool, which has to be, in my opinion, one of the most fiddly query tools ever conceived, is supplied with Informix. This tool can be used to connect to and query Informix database servers. To be able to connect to a remote server using this tool you need to tell it about the remote server. How you do this depends on whether you're running Windows or Linux. On Linux there's a file called sqlhosts in the $INFORMIXDIR/etc directory. Add a line that reads similar to

ol_srvinst    onsoctcp    ipaddress    turbo

where ol_srvinst is the server instance name, onsoctcp is the protocol to use, ipaddress is the IP address of ...
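
An added example, not from the book: a small parser for sqlhosts entries in the four-column form shown above, which resolves the fourth column to a TCP port and lists the instances on 1526, the port noted earlier as shared with Oracle. The sample file, the addresses, and the turbo-to-1526 service mapping are constructed assumptions; the fourth column is treated as a service name or a literal port number.

```python
from dataclasses import dataclass
from typing import Optional

DEFAULT_PORT = 1526  # default oninit listener per the text; Oracle often uses it too


@dataclass
class SqlhostsEntry:
    instance: str          # server instance name, e.g. ol_srvinst
    protocol: str          # connection protocol, e.g. onsoctcp
    host: str              # IP address or host name
    service: str           # service name or literal port number
    port: Optional[int]    # resolved TCP port, None if the name is unknown


def parse_sqlhosts(text, services):
    """Parse sqlhosts text; `services` maps service names to TCP ports."""
    entries, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):   # skip blanks and comment lines
            continue
        fields = line.split()
        if len(fields) < 4:                    # need at least four columns
            rejected.append((lineno, raw))
            continue
        instance, protocol, host, service = fields[:4]
        port = int(service) if service.isdigit() else services.get(service)
        entries.append(SqlhostsEntry(instance, protocol, host, service, port))
    return entries, rejected


def ambiguous_with_oracle(entries):
    """Instances on 1526, where a port scan alone cannot tell Informix from Oracle."""
    return [e.instance for e in entries if e.port == DEFAULT_PORT]


# Constructed sample input (addresses are from the documentation range).
SAMPLE = """\
# instance    protocol  host        service
ol_srvinst    onsoctcp  192.0.2.10  turbo
ol_reports    onsoctcp  192.0.2.11  9088
ol_legacy     onsoctcp  192.0.2.12  unknownsvc
ol_broken     onsoctcp
"""
SAMPLE_SERVICES = {"turbo": 1526}  # assumed /etc/services mapping, not from the page

if __name__ == "__main__":
    parsed, bad = parse_sqlhosts(SAMPLE, SAMPLE_SERVICES)
    print(*parsed, sep="\n")
    print("on Oracle's usual port:", ambiguous_with_oracle(parsed), "rejected:", bad)
```

Entries whose service name cannot be resolved keep a port of None, so they can be followed up by hand instead of being silently assigned the default.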
