Subject | RE: [firebird-support] How would Firebird prevent users thrasing database |
---|---|
Author | Steffen Heil |
Post date | 2004-04-05T08:02:22Z |
Hi
> I may be overlooking something obvious here, but if you alter the password for SYSDBA to something only you know then no-one else can connect to the
> database via any management tools as the connection needs the password and
> username to be valid.
No.
Reinstall firebird. You get a new sysdba default password. The database
remains accessible.
There seem to be some steps to make it harder, as I heard about some tricks
using a role "sysdba". But I haven't tried.
Anyway, Firebird isn't designed for such things.
If you need to secure access to the database, store it on a dedicated
server, block port 3050, use ssh to connect to it encrypted, somehow connect
an ssh client to your fbclient.dll and store the ssh key on a smartcard.
This should be secure. Forget about sysdba passwords in this scenario, keep
"masterkey".
Afaik it is relatively easy to connect to a firebird database if you can see
all traffic on the network.
Besides this, remember that the information in the client's database WAS
BOUGHT by your client and you have no right to disallow him to access it in
any way he wants to. You might be allowed to make it a little harder. IMHO
in some countries, you could even be legally forced to give him the sysdba
password to HIS database...
So simply don't try it. Offer such a good service, that he will prolong this
support agreement. Then don't bother.
Regards,
Steffen