Subject | Re: [Firebird-Architect] database encryption |
---|---|
Author | Sijun Kang |
Post date | 2010-11-04T00:10:15Z |
With all due respect to what you said, I do need to point out that, as a
starting point of making information secure, limiting the programs that can
get access to the information is a good practice. And that would provide
much less ends as to what we should protect (or fight against).

I wish the problem could be described as a simple one of "administrate your
computer well". But in reality, even if you (and me, maybe) can follow all
the due diligence of following the best security practice and make the
system as secure as an iron-wall, the users of your program and my
program most likely would just depend on the application to provide the
security (if available). If we (as programmers) can write such an application
that only requires an average-joe user to follow some simple rules
and provide a good security of their data, (definitely not promising the
world!), I think that would be something worth celebrating.
Regards,
Sijun Kang
On Wed, Nov 3, 2010 at 7:36 PM, Geoff Worboys <geoff@...
> wrote:
> Sijun Kang wrote:
> > EFS (I assume that you refer to Encrypted File System, such
> > as the mounted drive/folder provided by software like
> > TrueCrypt) does provide the security that I described, but
> > not without penalty though. Once I mount a decrypted drive,
> > its data is exposed to other programs as well. Whereas
> > database with encryption capacity provides more control in
> > this perspective and thus seems to serve as a better
> > environment to host sensitive data.
>
> Access via other systems is only possible if you let it.
>
> Remember that security is only possible while you have physical
> control of the system - which means you also have access to the
> file system and usual operating system access controls.
> Solving the "problem" you note above is done in exactly the
> same way that you should be doing it now if it is an issue:
> . create a user specially to run the Firebird server
> . set access controls to limit access to that user
>
> Of course for embedded this doesn't work, but if you're worried
> about malware running on the same computer as your embedded
> system then you're already in trouble. If you're not worried
> about malware then having an encrypted volume is useful for all
> sorts of reasons and one of the advantages of using something
> like EFS or Truecrypt - it is a rare security conscious user
> that wants to secure just one database.
>
> --
> Geoff Worboys
> Telesis Computing
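An added example, not part of the original thread or of Firebird: a small audit for the two steps quoted above (a dedicated server account, and access limited to that account), which checks a database file's owner, mode and parent directory on a POSIX system. The function name, the sample file name and the uid passed in are assumptions for illustration.

```python
import os
import stat
import tempfile


def audit_db_file(path, service_uid):
    """Return findings for one database file; an empty list means it passes."""
    findings = []
    st = os.stat(path)
    # Step 1 of the quoted advice: the file belongs to the dedicated account.
    if st.st_uid != service_uid:
        findings.append("owner uid %d is not the service account uid %d"
                        % (st.st_uid, service_uid))
    # Step 2: nobody but that account has any permission bit on the file.
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("mode %04o grants access beyond the owner" % mode)
    # A parent directory writable by group/other (without the sticky bit)
    # lets other accounts rename or replace the file despite its own mode.
    parent = os.path.dirname(os.path.abspath(path))
    pmode = stat.S_IMODE(os.stat(parent).st_mode)
    if pmode & (stat.S_IWGRP | stat.S_IWOTH) and not pmode & stat.S_ISVTX:
        findings.append("directory %s (mode %04o) is writable by other accounts"
                        % (parent, pmode))
    return findings


def demo():
    """Audit a constructed sample file before and after tightening its mode."""
    workdir = tempfile.mkdtemp()              # created with mode 0700
    sample = os.path.join(workdir, "sample.fdb")  # constructed, empty file
    open(sample, "w").close()
    os.chmod(sample, 0o644)                   # weak: readable by everyone
    before = audit_db_file(sample, os.getuid())
    os.chmod(sample, 0o600)                   # corrected: owner only
    after = audit_db_file(sample, os.getuid())
    return before, after


if __name__ == "__main__":
    weak, fixed = demo()
    print("before:", weak)
    print("after: ", fixed)
```

In a real deployment the uid passed in would be that of the account the server runs as, looked up with `pwd.getpwnam`.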