| Subject | Re: [Firebird-Architect] authentication and privileges |
|---|---|
| Author | Alexandre Benson Smith |
| Post date | 2004-09-24T22:49:32Z |
Kevin Lingofelter wrote:
I think the only way to avoid a compiled FB without security to access
confidential data is to encrypt the data, but AFAIR this have been
discussed earlier, and is not a trivial task...
And anyway, the key to decript the data should be stored somewhere and
if the guy can get the datafile, he can get the key too...
see you !
--
Alexandre Benson Smith
Development
THOR Software e Comercial Ltda.
Santo Andre - Sao Paulo - Brazil
www.thorsoftware.com.br
>In our case, we distribute an end user application with proprietaryNo physical security means no security at all....
>lookup data. Currently, all an end-user has to do is replace the
>security.fdb to gain SYSDBA privelages.
>
>Having the database either bound to a specific security.fdb file or
>having the users stored in the database itself would eliminate (well,
>greatly reduce the likelihood of) this problem.
>
>Kevin Lingofelter
>
>
>
I think the only way to avoid a compiled FB without security to access
confidential data is to encrypt the data, but AFAIR this have been
discussed earlier, and is not a trivial task...
And anyway, the key to decript the data should be stored somewhere and
if the guy can get the datafile, he can get the key too...
see you !
--
Alexandre Benson Smith
Development
THOR Software e Comercial Ltda.
Santo Andre - Sao Paulo - Brazil
www.thorsoftware.com.br