Subject RE: [IB-Architect] Re: Some thoughts on IB and security
Author Claudio Valderrama C.
> -----Original Message-----
> From: rfm@... [mailto:rfm@...]
> Sent: Miércoles 26 de Abril de 2000 20:14
> To:
> Subject: Re: [IB-Architect] Re: Some thoughts on IB and security

Nice to see you found a new employer, Reed.

> > My own belief is that we can not protect the database from those
> > who have physical access to it. Nor can we keep a disgruntled
> > system administrator from causing damage. However, we should
> > be able to keep unauthorized people out and limit people to their
> > authorized areas.

This is not the purpose of security. If you can't trust your generals, then
don't build missiles. ;-)
If people have direct access to the db or the administrator works as a
cracker before going home, it's not our problem. The minimum safety must be
against internal/external remote connections. If any user can copy the gdb
or backup locally a remote gdb, the game is over.

> I agree. BTW, what I ment by plugins was some fairly flexable way
> of letting some other service do/verify the authentication. Giving
> sites the option of using their whatever their single sign on
> system might be. Of course, you then have to worry about the security
> of your plug-in mechanism. I have no idea what the practicalities
> of the situation are. How do Oracle, MS etc do it ?

I don't know about Oracle. When I used it, I did a basic installation and
had to use some Oracle pw.
In MsSql, as you know, there are two modes: integrated, where you let NT to
provide the security and the accounts are the same; and independent, where
MsSqlServer authenticates users according to its own rules and settings. I
don't know about the internals or whether you can change security mechanism
by unloading/loading a DLL for example.

> On the topic of security enhancments, if you run IB as a web backend,
> and run the ibserver on the same machine as the web server, it would
> seem to be a good idea to use IPC and disable tcp/ip (both for security
> and efficiency). Previously, this could be done with by using a local
> interbase license.
> Now that the licensing code is removed, there should be a configuration
> option to enable or disable specific protocols.

Now that you have tried, I assume you are more familiar with the convoluted
steps to make IB run as a service but without giving it the SYSTEM account.
This is the reason why setting tcp/ip is easier to communicate IB with IIS
on the same machine.


> --
> Reed Mideke
> rfm(at)

Claudio Valderrama C.
Ingeniero en Informática - Consultor independiente