| Subject | Re: [firebird-support] Re: choosing database |
|---|---|
| Author | jini us |
| Post date | 2003-11-16T06:14:59Z |
Database security is limited to how far you trust your
staff.
Databases security is just to prevent low paid office
stigs from having access to data which the ofice
manager should have.
In this instance low paid stigs are not trusted
to have access to the database.
For instance the DBA (database administrator )
have access to the complete database, which also
includes your application developers.
The only person who doesn't have access is the low
paid office stig you hired to do some minial duties
during the course of running your business.
--- Helen Borrie <helebor@...> wrote:
---------------------------------
At 09:22 PM 15/11/2003 -0300, you wrote:
allow someone to copy
your database files, then they can copy the files onto
their own server and
access your data using their own SYSDBA password.
physical access to
your servers will be deterred by a little thing like
encrypted access.
The 1.5 version of Firebird has a lot of extras to
make it harder for a
malfaisant to compromise your databases from outside
of your firewall. But
"hard" does not mean "impossible". Unless you are an
expert on network
security, you will do yourself and your customer a big
favour by
recommending that they contract a network security
expert to advise them on
wire security - regardless of what RDBMS they choose.
heLen
Yahoo! Groups Sponsor ADVERTISEMENT
To unsubscribe from this group, send an email to:
firebird-support-unsubscribe@yahoogroups.com
Your use of Yahoo! Groups is subject to the Yahoo!
Terms of Service.
________________________________________________________________________
Want to chat instantly with your online friends? Get the FREE Yahoo!
Messenger http://mail.messenger.yahoo.co.uk
staff.
Databases security is just to prevent low paid office
stigs from having access to data which the ofice
manager should have.
In this instance low paid stigs are not trusted
to have access to the database.
For instance the DBA (database administrator )
have access to the complete database, which also
includes your application developers.
The only person who doesn't have access is the low
paid office stig you hired to do some minial duties
during the course of running your business.
--- Helen Borrie <helebor@...> wrote:
---------------------------------
At 09:22 PM 15/11/2003 -0300, you wrote:
>Thanks for your spanish and english answers I amstrongly thinking in
>Firebird 1.5 RC7 but I am a bit worried about thesecurity point
>point. So it is really
>
> > The security of the database it is a critical
> > important to the data not to be edited out of thesystem.
>your database
> >>Then make sure that no-one have physical access to
> >>file(s). If anyone gets hold of the file(s), it isnot very difficult
> >>to get information out of the database. It ispossible to access the
> >>database without having direct access to thefiles, so this is good
> >>advice anyway. (Svein Erling)has the password
>
>
>So you are saying that although a person that doesn't
>can change the data out of the system if he hasaccess to the server or
>perhaps remotely?No. But if you expose your server physically and
allow someone to copy
your database files, then they can copy the files onto
their own server and
access your data using their own SYSDBA password.
>Is the same thing in other database systems?Yes, don't fool yourself that a determined thief with
physical access to
your servers will be deterred by a little thing like
encrypted access.
The 1.5 version of Firebird has a lot of extras to
make it harder for a
malfaisant to compromise your databases from outside
of your firewall. But
"hard" does not mean "impossible". Unless you are an
expert on network
security, you will do yourself and your customer a big
favour by
recommending that they contract a network security
expert to advise them on
wire security - regardless of what RDBMS they choose.
heLen
Yahoo! Groups Sponsor ADVERTISEMENT
To unsubscribe from this group, send an email to:
firebird-support-unsubscribe@yahoogroups.com
Your use of Yahoo! Groups is subject to the Yahoo!
Terms of Service.
________________________________________________________________________
Want to chat instantly with your online friends? Get the FREE Yahoo!
Messenger http://mail.messenger.yahoo.co.uk