| Subject | Re: Firebird Database protection |
|---|---|
| Author | Adam |
| Post date | 2004-12-05T22:53:52Z |
--- In firebird-support@yahoogroups.com, Leonardo <okinawadin@y...> wrote:
learning about that database or not.
password which everyone with access to internet can know (SYSDBA -
masterkey), how can I protect my database by changing this password?
bits to make it more suitable.
Firstly, there is not a whole lot you can do if they can access the
fdb file. If they are able to access it, then they could simply use
their own security database. The good news is you don't have to allow
file access to it.
Lets just say you have a server called "server" (pretty creative I
know). The database can be located in c:\database\db.fdb for this example.
On "server" in aliases.conf, set MyDB=c:\database\db.fdb
Restrict security permissions to c:\database\ to Administrator and
System, and disallow anyone else access to the folder.
When you connect to the database, simply use the connection string
"server:MyDB", and firewall off every port on "server" except 3050
which is used by Firebird.
Obviously, change the SYSDBA password, and within the tables encrypt
any super sensitive data and hash any passwords you store. If you set
it up right, no-one should be able to access the fdb file, and you
also need to think very carefully about using security to disable
things like gbak.
Hope that helps
Adam
>that is really important to me so I can choose if I keep going on
> Hello all,
>
> I've started using firebird last week and I have a question
learning about that database or not.
>can be copied from one place to other and has a very easy to break
> How can I protect my database? Since it is a removable file that
password which everyone with access to internet can know (SYSDBA -
masterkey), how can I protect my database by changing this password?
>I answered a similar question last week, so I have just adjusted some
> Is there anything I can do to improve it's security?
>
> Thanks
> Leonardo Nakahara
>
>
> ---------------------------------
> Yahoo! Mail - Agora com 250MB de espaço gratuito. Abra uma conta agora!
>
> [Non-text portions of this message have been removed]
bits to make it more suitable.
Firstly, there is not a whole lot you can do if they can access the
fdb file. If they are able to access it, then they could simply use
their own security database. The good news is you don't have to allow
file access to it.
Lets just say you have a server called "server" (pretty creative I
know). The database can be located in c:\database\db.fdb for this example.
On "server" in aliases.conf, set MyDB=c:\database\db.fdb
Restrict security permissions to c:\database\ to Administrator and
System, and disallow anyone else access to the folder.
When you connect to the database, simply use the connection string
"server:MyDB", and firewall off every port on "server" except 3050
which is used by Firebird.
Obviously, change the SYSDBA password, and within the tables encrypt
any super sensitive data and hash any passwords you store. If you set
it up right, no-one should be able to access the fdb file, and you
also need to think very carefully about using security to disable
things like gbak.
Hope that helps
Adam