| Subject | Commentary about the Firebird's security |
|---|---|
| Author | duransss |
| Post date | 2003-06-07T02:59:59Z |
(really sorry the english)
I have read some, not all of course, of the interesting messages about
the Firebird databases' security design, and I want to add a little
comment.
The MSAccess database is (maybe all agree this), relatively, a very
bad RDBS for medium or high intensive process.
But, the "philosophy" behind your strategy of security, I think, is
very very interesting.
is based in:
1) a simple "on the fly" encryption system, transparent to the client.
2) an intelligent system of user autentication and permissions, based
in a file with the users data residing in a external file, similarly
to Firebird.
with this system it does not matter if anybody copy only the data
base, because it is impossible to accede without having the file with
users permissions. You need to protect this file "with the life". For
example, imagining a similar system in Firebird, all users can have
free access to the database file, but only the Firebird's engine must
access to the permissions.
In addition, this file with permissions cannot be regenerated although
somebody knows all the user's names and passwords.
Is necessary a unique original "generation key", used in the creation
of the file.
ok, I am a rookie with this highly recognized RDBS, like Oracle, SQL
Server, Informix and even Firebird. I do not know as they work. I
imagine that these more are "Operative system's security system
integrated"
But I continue thinking than MSAccess's security is interesting for to
compare and to obtain ideas.
I have read some, not all of course, of the interesting messages about
the Firebird databases' security design, and I want to add a little
comment.
The MSAccess database is (maybe all agree this), relatively, a very
bad RDBS for medium or high intensive process.
But, the "philosophy" behind your strategy of security, I think, is
very very interesting.
is based in:
1) a simple "on the fly" encryption system, transparent to the client.
2) an intelligent system of user autentication and permissions, based
in a file with the users data residing in a external file, similarly
to Firebird.
with this system it does not matter if anybody copy only the data
base, because it is impossible to accede without having the file with
users permissions. You need to protect this file "with the life". For
example, imagining a similar system in Firebird, all users can have
free access to the database file, but only the Firebird's engine must
access to the permissions.
In addition, this file with permissions cannot be regenerated although
somebody knows all the user's names and passwords.
Is necessary a unique original "generation key", used in the creation
of the file.
ok, I am a rookie with this highly recognized RDBS, like Oracle, SQL
Server, Informix and even Firebird. I do not know as they work. I
imagine that these more are "Operative system's security system
integrated"
But I continue thinking than MSAccess's security is interesting for to
compare and to obtain ideas.