Sijun Kang wrote:

> EFS (I assume that you refers to Encrypted File System, such
> as the mounted drive/folder provided by software like
> TrueCrypt) does privide the security that I described, but
> not without penalty though. Once I mount a decrypted drive,
> it's data is exposed to other programs as well. Whereas
> database with encryption capacity provides more control in
> this perspective and thus seems to serve as a better
> environment to host sensitive data.

Access via other systems is only possible if you let it.

Remember that security is only possible while you have physical
control of the system - which means you also have access to the
file system and usual operating system access controls.
Solving the "problem" you note above is done in exactly the
same way that you should be doing it now if it is an issue:
. create a user specially to run the Firebird server
. set access controls to limit access to that user

Of course for embedded this doesn't work, but if you're worried
about malware running on the same computer as your embedded
system then you're already in trouble. If your not worried
about malware then having an encrypted volume is useful for all
sorts of reasons and one of the advantages of using something
like EFS or Truecrypt - it is a rare security conscious user
that wants to secure just one database.

--
Geoff Worboys
Telesis Computing