MaxDB 7.5

MaxDB is a complete open-source (GPL) enterprise-grade Relational Database Management System (RDBMS) developed by SAP AG. Due to its good portability MaxDB runs on mostly all relevant platforms including Windows, MacOSX, Linux and several Unix derivates like IBM-AIX, HP-UX, Sun Solaris (SPARC).

Key Features

• Reliability
• Multithreaded database kernel
• Mostly ANSI SQL99 compliant (plus an optional Oracle^TM compatibility mode)
• Common features like BLOBs, user-defined DB functions, stored-procedures, triggers, RI-constraints and so on
• Fine-grained user access right granting on tables or fields
• Good concurrency due to row-level locking and an adjustable isolation-level
• Broad range of available interfaces: command-line tools, Embedded SQL (C/C++), ODBC, JDBC (Type-4 pure-Java) and specific APIs for Perl, Python, PHP and a proprietary OO-API for C++
• Easy administration with a sophisticated web-interface, command-line tools (e.g. for scripting) or a Windows GUI-Application
• Online backup (full/incremental) on filesystem, tapes, or all major backup solutions like Legato Networker^TM, IBM Tivoli^TM and all "Oracle^TM-Backint"-compatible backup systems.
• Online replication ("Hot-Standby") for high-availability
• And of course, it's designed for 7x24 h operation

Why?

The goal of this project is to provide new builds of this mature, yet powerful database system for recent releases of the major platforms and to bring the development of this last open-source-branch alive, again (MaxDB-7.6 had serious problems with e.g. JBoss-EJB. Since MaxDB-7.7 its development has moved back to SAP AG and the source-code is not available anymore).

Most of the time was spent in realizing a native MacOSX-port (Snow Leopard) of MaxDB, which meanwhile also passes the regression tests. Furthermore, some of really annoying bugs appearing on mostly all platforms and never addressed by SAP AG or MySQL, Inc. seem to be finally fixed, now.

Roadmap

1. Providing installation packages for MacOSX Snow Leopard, Linux 2.6.x and Windows 2000/XP+
2. Migrating the source code to Mercurial and publishing it. Currently, the code still resides in a local CVS repository and needs some general cleanup, first.
3. Fixing security issues (see below)

What's about security issues?

There seem to be (just a few) known security issues, which are not yet fixed at this time -- this project is based on the most recent official GPL-release of MaxDB-7.5, namely V7.5.00.44.

Security is a broad field and a very complex topic. Simply, don't trust software with no known security issues! If you're running a Web-Application it is more likely that a bad guy will try to gain access by exploiting flaws of the web-server (e.g. the widely spread and well-known Apache HTTP Server) or other software running on that server, instead of worry about how to connect directly to the RDBMS. If he just wants to corrupt your database, he propably will try to exploit flaws in your software, e.g. by using SQL injection. There're many ways to enter your server and then the bad guy is really just a few small steps away from gaining superuser rights and killing all of your data.

Simply, do not allow an attacker to enter your server: close all relevant TCP/UDP ports, in particular the RDBMS-ports, keep your application and/or the web-server software up-to-date. Use tunneling techniques (e.g. ssh) to connect remotely to your database.

Of course, it is evident that all known security issues must be fixed. I'll try to analyze the differences in the source-code between the relevant versions of MaxDB in the very near future.