| Subject | Re: [firebird-support] FIREBIRD SECURITY ISSUES |
|---|---|
| Author | Alexandre Benson Smith |
| Post date | 2004-05-12T17:51:28Z |
Alfredo wrote:
1.) There is no security if you have no physical security
2.) If the root/administrator wish he could replace the file or
re-install the server
3.) Your customer should have sysdba anyway
If you want to hide the data from other aplications or block the access
from your client in anyway, I think the only solution is to encrypt the
data, and you know, for every closed door will be a locksmith around ;-)
see you !
--
Alexandre Benson Smith
Development
THOR Software e Comercial Ltda.
Santo Andre - Sao Paulo - Brazil
www.thorsoftware.com.br
> I am developing a commercial application with Firebird, most of theAlfredo,
>
>
>>programming is inside the database (triggers, Stored procedures, views).
>>
>>
>So
>
>
>>I don't want my database to be open and view by anyone. So I changed all
>>users even the password for the SYSDBA account. As far as I know Firebird
>>manages all users access inside a database called security.fdb. I found
>>that if I Replace that database with a new one (with the original user:
>>sysdba and pwd: masterkey) can give access to the database and view all my
>>database programming. So the question is, is there a way to secure a bit
>>more the database. Because this is a major gap.
>>
>>Thanks in Advance
>>
>>
1.) There is no security if you have no physical security
2.) If the root/administrator wish he could replace the file or
re-install the server
3.) Your customer should have sysdba anyway
If you want to hide the data from other aplications or block the access
from your client in anyway, I think the only solution is to encrypt the
data, and you know, for every closed door will be a locksmith around ;-)
see you !
--
Alexandre Benson Smith
Development
THOR Software e Comercial Ltda.
Santo Andre - Sao Paulo - Brazil
www.thorsoftware.com.br