| Subject | Re: [ib-support] Suggestion for Interbase/Firebird security |
|---|---|
| Author | Alexandre Benson Smith |
| Post date | 2003-01-10T15:40:20Z |
At 21:08 09/01/2003 +0100, you wrote:
are stored in a single file) and you just grant access for some databases.
One user could create overwrite (create on another machine, etc.) the
original password file with the same users and with passowrd he knows,
since that user has access to one GDB and he changes the password files
with one he knows the password the same problem will happen as copy the GDB
to another machine.
But, IMHO, if the users and passwords are stored inside the GDB, only valid
users for that GDB will have access, even if you copy it to another
machine, the users and passwords will remain te same.
The backup could be encryted using the "ADMIN" password (the "ADMIN" user
will be created with the database creation like an owner, and just the
ADMIN will be able to restore the backups since the password is the key to
decript it).
I do know encryption to tell how to do it and how good it is... I am just
telling what I am think that is a good way of do it. I think if anyone who
knows well encruption and data protection could tell if this is ok or just
another easy-to-defeat method.
Alexandre Benson Smith
Development
THOR Software e Comercial Ltda.
Santo Andre - Sao Paulo - Brazil
www.thorsoftware.com.br
----------
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.437 / Virus Database: 245 - Release Date: 06/01/2003
[Non-text portions of this message have been removed]
>Hi,I think if the users and passwords are in a valid for the hole system (i.e.
>
> > >Since Interbase/Firebird have no security
> > >on opening the database.
> > >I mean everybody can open it with a SYSDBA password.
> > >I have a solution's suggestion.
> > >
> > >Let made 2 user and password files.
>...
> > I agree with you, I think the users and passwords should be stored in each
> > database, and each database should have his "private" administrators,
> > backup's and restore's can only be made by the "private" database admins.
> >
> > But this aproach could lead to another problem, if you have 10 users who
> > will use 4 diferent databases, you will have to create the users on every
> > database and the user will be able to use differents password on each
> > database (wich is good or bad depending the way you look).
>
>Or you will "grant" them access :)
are stored in a single file) and you just grant access for some databases.
One user could create overwrite (create on another machine, etc.) the
original password file with the same users and with passowrd he knows,
since that user has access to one GDB and he changes the password files
with one he knows the password the same problem will happen as copy the GDB
to another machine.
But, IMHO, if the users and passwords are stored inside the GDB, only valid
users for that GDB will have access, even if you copy it to another
machine, the users and passwords will remain te same.
The backup could be encryted using the "ADMIN" password (the "ADMIN" user
will be created with the database creation like an owner, and just the
ADMIN will be able to restore the backups since the password is the key to
decript it).
I do know encryption to tell how to do it and how good it is... I am just
telling what I am think that is a good way of do it. I think if anyone who
knows well encruption and data protection could tell if this is ok or just
another easy-to-defeat method.
> > Alexandre Benson SmithChanged....
>
>btw - could you change your "sender" name to your real name instead of
>IB/Fb LIST
Alexandre Benson Smith
Development
THOR Software e Comercial Ltda.
Santo Andre - Sao Paulo - Brazil
www.thorsoftware.com.br
----------
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.437 / Virus Database: 245 - Release Date: 06/01/2003
[Non-text portions of this message have been removed]