| Subject | Re: [firebird-support] Database protection [OT] |
|---|---|
| Author | Edward Flick |
| Post date | 2004-04-06T14:26:18Z |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Steffen Heil wrote:
|>There is no way to block out the end-user from accessing the database that
|> is 100% secure.
|>Even if you encrypt the database you have to store the key somwhere, the
|> enduser has a chance to find the key and access the database.
|
| Wrong.
| You *COULD* (but shouldn't) store the key on a smartcard and use paladium
| systems to give access to the card only to you application.
Wrong????
If it has to interface with the computer IT IS HACKABLE. If I'm to
assume that paladium usage will work because of private/public key pairs
that only the application and smartcard understand, then might I remind
you that the Application or OS has to store the other key somewhere.
Also, there are methods of intercepting electronic transmissions, and
just debugging memory in general.
| Als already posted: The information is OWNED by the customer as soon
as they
| buy your product. And being afraid they buy cheeper support elsewhere
tells
| me, your support is not good enought or too expensive.
I absolutely agree with this. Their primary focus here shouldn't be on
physical access security. It should be on improving their customer
relationship, and maybe on packaging up their product in a more modular way.
Edward
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (MingW32)
iD8DBQFAcr4HvWeCZ4RLdzYRApaWAJ90Ay+mfOh6lCBvXvLGEFtnfMTcQQCfTe7V
LBmgWy1U9/eONqPan66+URs=
=X6el
-----END PGP SIGNATURE-----
Hash: SHA1
Steffen Heil wrote:
|>There is no way to block out the end-user from accessing the database that
|> is 100% secure.
|>Even if you encrypt the database you have to store the key somwhere, the
|> enduser has a chance to find the key and access the database.
|
| Wrong.
| You *COULD* (but shouldn't) store the key on a smartcard and use paladium
| systems to give access to the card only to you application.
Wrong????
If it has to interface with the computer IT IS HACKABLE. If I'm to
assume that paladium usage will work because of private/public key pairs
that only the application and smartcard understand, then might I remind
you that the Application or OS has to store the other key somewhere.
Also, there are methods of intercepting electronic transmissions, and
just debugging memory in general.
| Als already posted: The information is OWNED by the customer as soon
as they
| buy your product. And being afraid they buy cheeper support elsewhere
tells
| me, your support is not good enought or too expensive.
I absolutely agree with this. Their primary focus here shouldn't be on
physical access security. It should be on improving their customer
relationship, and maybe on packaging up their product in a more modular way.
Edward
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (MingW32)
iD8DBQFAcr4HvWeCZ4RLdzYRApaWAJ90Ay+mfOh6lCBvXvLGEFtnfMTcQQCfTe7V
LBmgWy1U9/eONqPan66+URs=
=X6el
-----END PGP SIGNATURE-----