7.2. How to corrupt a database
The following sections constitute a summary of things not to do if you want to keep your Firebird databases in good health.
7.2.1. Disabling forced writes
Firebird is installed with forced writes (synchronous writes) enabled by default. Modifications are written to disk immediately upon posting.
It is possible to configure a database to use asynchronous data writes — whereby modified or new data are held in the memory cache for periodic flushing to disk by the operating system’s I/O subsystem. The common term for this configuration is forced writes off (or disabled). It is sometimes resorted to in order to improve performance during large batch operations.
Disabling forced writes on Windows
The big warning here is: do not disable forced writes on a Windows server. It has been observed that the Windows server platforms do not flush the write cache until the Firebird service is shut down. Apart from power interruptions, there is just too much that can go wrong on a Windows server. If it should hang, the I/O system goes out of reach and your users’ work will be lost in the process of rebooting.
Disabling forced writes on Linux
Linux servers are safer for running an operation with forced writes disabled temporarily. Still, do not leave it disabled once your large batch task is completed, unless you have a very robust fall-back power system.
7.2.2. Restoring a backup to a running database
One of the restore options in the gbak
utility (gbak -rep[lace_database]
) allows you to restore a gbak file over the top of an existing database. It is possible for this style of restore to proceed without warning while users are logged in to the database. Database corruption is almost certain to be the result.
Notice that the shortest form of this command is These changes have been made because many users thought that the |
Be aware that you will need to design your admin tools and procedures to prevent any possibility for any user (including |
If is practicable to do so, it is recommended to restore to spare disk space using the gbak -c
option and test the restored database using isql
or your preferred admin tool. If the restored database is good, shut down the old database (you can use the gfix
command-line tool for this; see Firebird Database Housekeeping Utility (HTML) or Firebird Database Housekeeping Utility (PDF)). Make a filesystem copy of the old database just in case and then copy the restored database file(s) over their existing counterparts.
7.2.3. Allowing users to log in during a restore
If you do not block access to users while performing a restore using gbak -rep
then users may be able to log in and attempt to do operations on data. Corrupted structures will result.