Subject RE: [ib-support] Security and ignorance
Author Doug Chamberlin
At 07/16/2002 09:29 AM (Tuesday), Ernesto A. Zapata Icart wrote:
> > Simply refusing (physical) access to the server, to the
> > isc4.gdb and to your database file should help a lot.
>Simply? If for some reason - hacker attack, no security improvement on
>the server, etc. - the file is accessed, what happens with my data?
>Lost in curious hands? I know about physical security on the
>server, but... the file, the blessed file, doesn't have its own
>security!! How can I obtain one more instance of security in the file
>itself? Yes, I'm paranoid, but - I think - I'm reasonable too.

Any "security" built into the GDB file is no security at all because once
someone gains access to the file itself they have your data. Nothing can
really stop them, including encryption, because if they have your GDB file
they also will have access to your running server. If they have access to
the running server they know how your server decrypts the GDB file and they
can thus do it themselves.

Therefore, real security starts with physical security of the server and
then must extend to denying access (across the wire) to the GDB files.

Now I know that the best security schemes are multi-layered. The idea being
that you should just keep putting hindrances in the way of the attacker to
make it more difficult to continue the attack. However, if those hindrances
also interfere with normal operations they will not be used. Plus, if they
really don't add to the effective security they become mere annoyances.
That is the category in which I would place the idea of protecting the GDB
file through encryption or some such scheme.