| Subject | Re: [ib-support] protecting database |
|---|---|
| Author | Andreas Pohl |
| Post date | 2001-03-31T01:41:37Z |
I would like to inform that solved my own problem how to protect an
Interbase database for "unwanted" copy (even it is physically accessibly).
First I tried e4m (www.e4m.net). It is providing an encrypted drive so an
Interbase file is only available if this protected drive is mounted. Very
fast, cheap and a "software only" solution :). But database file is
available/readable if my app is unable to dismount this protected drive :(
My final solution is a software/hardware combination. I'm already using
hardlock devices (www.hardlock.com, www.alladin.de ). There is a protection
system ("Hardlock Bistro") for patching binaries only run if hardlock is
present. I applied this patch to IBserver without any problems. Second step
is to assign file extensions to include with or without encryption. I
decided that *.gdb files should be readable and *.gds files should be
encrypted. Last step was to run a backup from an existing gdb file and
building an gds file via GBAK's restore.
Finally I've got a database running only with patched ibserver version (that
is only running with right hardlock device). A copy of this database is
completely useless on other Interbase systems. But running GBAK will produce
a full accessibly database if it restored with gdb extension.
BTW if protected extension is *.* then this patched IBserver version would
not provide a decrypted database at all!
This a solution what I'm looking for because I've to provide a
briefcase/replication system offline on clients pc and security of data was
"first priority". Maybe these are useful informations to others, for me - at
least - it was:)
Mit freundlichem Gruss & Best Regards
Andreas Pohl
apohl@...
www.ibp-consult.com
Interbase database for "unwanted" copy (even it is physically accessibly).
First I tried e4m (www.e4m.net). It is providing an encrypted drive so an
Interbase file is only available if this protected drive is mounted. Very
fast, cheap and a "software only" solution :). But database file is
available/readable if my app is unable to dismount this protected drive :(
My final solution is a software/hardware combination. I'm already using
hardlock devices (www.hardlock.com, www.alladin.de ). There is a protection
system ("Hardlock Bistro") for patching binaries only run if hardlock is
present. I applied this patch to IBserver without any problems. Second step
is to assign file extensions to include with or without encryption. I
decided that *.gdb files should be readable and *.gds files should be
encrypted. Last step was to run a backup from an existing gdb file and
building an gds file via GBAK's restore.
Finally I've got a database running only with patched ibserver version (that
is only running with right hardlock device). A copy of this database is
completely useless on other Interbase systems. But running GBAK will produce
a full accessibly database if it restored with gdb extension.
BTW if protected extension is *.* then this patched IBserver version would
not provide a decrypted database at all!
This a solution what I'm looking for because I've to provide a
briefcase/replication system offline on clients pc and security of data was
"first priority". Maybe these are useful informations to others, for me - at
least - it was:)
Mit freundlichem Gruss & Best Regards
Andreas Pohl
apohl@...
www.ibp-consult.com
> I've to deploy my app/database to ensure offline searching capabilities.How
> do I avoid "unwanted copies" of database. I tought about using protected
> drives (http://www.scramdisk.clara.net). I would enable it at starting my
> app and disabling it when I should down my app.
>
> Is there a better way to do it?