--- In Firebird-Java@yahoogroups.com, Jeroen Wenting <jwenting@...> wrote:

>
>
>
> > Hello everybody,
> > I am using firebird 2.0. The firebird database is good,
> > unfortunately, the database file could be easily copied and be READ
> > on another pc/computer without any password protection. It means
>
> that's essentially the same with any database. If you can get at the

physical

> files you can do pretty much anything with them.
>
> > that if someone want to read the content of the database, he just
> > need to copy the database file and install firebird 2.0 into his
> > computer and then attach the database file into the firebird 2.0 of
> > his computer.
> >
>
> He'd also need a username and password you had set up for the

database to do

> anything with it.
>
> >
> > Is there any way to prevent this ?
>
> Database security includes securing access to the actual machines on

which the

> server is running.
> That can be as simple as shutting down telnet access to those machines,
> requiring ssh access instead, and putting a big lock on the door to the
> serverroom the key of which is kept in a secure place with a strict

accesslist.

>
> Once an intruder makes it onto a machine he can basically do

anything with the

> data on that machine, Oracle or Firebird doesn't matter anymore at

that stage

> (and you'd be surprised at the number of even major corporations

that have the

> default administrator account and password in place on their

production Oracle

> databases...).
>
> Security isn't a single layer, it must always be a complete and well

thought out

> system.
>
>
> [Non-text portions of this message have been removed]
>

Thank you for your good explanation. :)