Subject Re: [IB-Architect] Re: Nailing down the external file problem.
Author Geoff Worboys
> Let us suppose I have a completely pre-configured solution
> and I don't want customers to have full access to the database.

A curious scenario in the brave new world of open source :-)

It was previously suggested that the ISC4.GDB was a well know
"weakness". I would suggest that it is really a design decision made
a long time ago. So it is not a weakness or a bug, but working as
designed.

To the best of my knowledge there is no reliable work-around for this
situation (but I am not an encyption expert). You can make it more
difficult, but that is all.

AFAIK any further security will require some form of encryption, and
the only way this would be properly secure is if the key was provided
manually every time the server restarts - which is rather impractical
for a database distributed to many customers that dont know the key.
(And there are existing solutions to support the manually entered key
scenario.)

Other suggestions require that the key is stored somewhere. Cant put
it in the registry, the customer will have access. Could put it in
the ISC4 database but then we just copy that database somewhere and
extract independantly (it is just a GDB after all).

So the question becomes: Do you really want to spend time on a
half-baked security solution? Some say "keep honest people honest" -
they are always the ones we stick it to, because they make it so easy.
;-)

As you have probably gathered, my preference is to leave this issue
alone unless/until someone can come up with a design that makes the
additional security worth having.

Geoff Worboys
Telesis Computing