Subject Re: [IB-Architect] Fw: Mischievous SYSDBA
Author Jim Starkey
At 08:45 PM 5/22/00 +0200, Steve Tendon wrote:
>
>
>> The fundamental basis of InterBase (or any database) security
>> is that the operating system file security is being used appropriately.
>
>I've heard this argument over and over again (especially from Bill K). I
>agree that OS security is the way to go, but only ~if~ you have access to
>the OS in the first place. Unfortunately all those VARs that are embedding IB
>into their products, and maybe sell their products shrink wrapped, might not
>even know who their customers are, let alone have access to their OS.
>


What threat are you worrying about? Somebody with write access
can trash your database encrypted or not. Somebody with any
database access and the same OS privileges as the server can
recover the key and decrypt the database. Encryption is only
a solution if you can protect the key. If you can use the OS
to protect the key, you can use the OS to protect the file.

Obscurity is not security. If you can't guarantee key security,
encryption doesn't buy you anything. Hiding the key on the
server doesn't work. Giving it to every user to pass on a
connect doesn't work.

Jim Starkey