Subject Re: [Firebird-Java] Security Features in Firebird
Author Jeroen Wenting
> Hello everybody,
> I am using firebird 2.0. The firebird database is good,
> unfortunately, the database file could be easily copied and be READ
> on another pc/computer without any password protection. It means

that's essentially the same with any database. If you can get at the physical
files you can do pretty much anything with them.

> that if someone want to read the content of the database, he just
> need to copy the database file and install firebird 2.0 into his
> computer and then attach the database file into the firebird 2.0 of
> his computer.

He'd also need a username and password you had set up for the database to do
anything with it.

> Is there any way to prevent this ?

Database security includes securing access to the actual machines on which the
server is running.
That can be as simple as shutting down telnet access to those machines,
requiring ssh access instead, and putting a big lock on the door to the
serverroom the key of which is kept in a secure place with a strict accesslist.

Once an intruder makes it onto a machine he can basically do anything with the
data on that machine, Oracle or Firebird doesn't matter anymore at that stage
(and you'd be surprised at the number of even major corporations that have the
default administrator account and password in place on their production Oracle

Security isn't a single layer, it must always be a complete and well thought out

[Non-text portions of this message have been removed]