Subject Re: [IB-Architect] Fw: Mischievous SYSDBA
Author Jan Mikkelsen
Tim Uckun <tim@...> wrote:
>We keep going around on this. Surely either there is a solution or a
>compromise someplace.
>Presuming that the need to keep data secure is a legitimate one we ought to
>work towards a solution. everything you say is absolutely 100% right but
>that does not mean that we should do nothing and leave everything
>unencrypted.
What does "keep data secure" mean here? Do you want to keep things
confidential, authenticate people, make sure things aren't tampered with, or
what? Are you trying to protect things from the administrator of the machine
or from outside attackers?

>Take for example access (please!). You can "lock" an access database with a
>password. If your application "knows" the password then you can open it and
>start working if not then you have to expend effort into cracking the
>password. Once you are in there is also a user level permission system
>where another layer of authentication takes place. Is this perfect? Of
>course not. But it is a reasonable effort at securing your data. That's all
>anybody is asking for here. Not perfect just a reasonable degree of Due
>Diligence.
My reading of this is that the requirement is really for something that
looks enough like security to fool those who don't know any better.

I don't think it would be difficult to encrypt every page using some key
embedded in an application. There's even an unimplemented dpb parameter for
passing the key to the server. If that's all you want, I'm sure you could
pay ISC for some bespoke development and get the feature added.

However, just because cryptography is used on the disk does not make it
secure, nor does it mean that "due diligence" has been applied. It just
means the problem has been obscured and people are lulled into a false sense
of security, at the expense of wasted developer and processor time. It
would take a semi-competent developer a few seconds to recover the key using
a debugger and the source to Interbase, a little while longer if the source
wasn't available. You could probably even pick up the key using a packet
sniffer and not even need to be on the same machine.

>Surely the combined brainpower of the listserve can find a solution.
Maybe. But whether the combined brainpower could be bothered or not is
another question, and I still haven't seen a precise requirement stated.

Jan Mikkelsen.