Subject Re: additional firebird security to marry a database to a server
Author Adam
> We are having problems with database theft, and restricting access to the
> server is out of the question. We removed all backup devices on the servers,
> but the database is usually under 1 GIG at client level and USB memory
> sticks are perfect for the job.

Why is this out of the question? What a strange comment. If you have
the ability to remove all backup devices, then why don't you have the
ability to remove all access to one folder on the machine to everyone
except the Firebird user?

By the way, if anyone has a way of making sure my car doesn't get
stolen let me know. I should mention that locks and alarms are not an
option.

>
> Is there a way to "marry" a database to a server and make it inaccessible on
> another unless some kind of registration process is performed first? I am
> thinking along the lines of using a UDF that performs checks on specific
> aspects of the server (name/hardware ID etc) and then creates and stores a
> key in the database that gets checked every time a user logs on. I can't find
> any login triggers that would allow this, but I'm wondering if there may be
> another way to do this?
>
> I suppose I could encrypt the data but I shudder to think of all the
> implications that will have..

How pointless. Firebird is Open Source. Even if you do whatever you
want to do, I can access the tables on a RAW level because I can
download the sources and write my own I/O interaction. Encrypting is
useless unless you can somehow control the key, but if you can't even
control file system permissions, what chance is there of that?

I don't mean to sound unfair, but the security relies on the malicious
user not getting file access to the fdb file (just like other
databases btw). If you can't guarantee that, then there is little
hope. Just in case you were wondering, NO-ONE (except the user
Firebird is installed as) requires ANY access at all to the fdb file.
So disallow it.

Adam
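
The file-access restriction recommended in the reply above can be checked mechanically. The following is an added example, not part of the original message or of Firebird itself; it assumes a POSIX host, and the function names, the `sample.fdb` file name and the use of the current uid as a stand-in for the Firebird service account are all hypothetical.

```python
import os
import stat
import tempfile

OPEN_BITS = stat.S_IRWXG | stat.S_IRWXO  # any group/other permission bit


def audit_db_file(path, service_uid):
    """Return findings; an empty list means only service_uid (and root) can reach the file."""
    findings = []
    folder = os.path.dirname(os.path.abspath(path))
    for label, target in (("database file", path), ("folder", folder)):
        st = os.lstat(target)  # lstat: do not follow a symlink planted in place of the target
        if stat.S_ISLNK(st.st_mode):
            findings.append(f"{label} {target} is a symlink")
            continue
        mode = stat.S_IMODE(st.st_mode)
        if st.st_uid != service_uid:
            findings.append(f"{label} {target} is owned by uid {st.st_uid}, not {service_uid}")
        if mode & OPEN_BITS:
            findings.append(f"{label} {target} has mode {mode:04o}; group/other bits are set")
    return findings


def demo():
    """Constructed sample: a throwaway folder and empty file standing in for the real .fdb."""
    uid = os.getuid()  # assumption: stand-in for the Firebird service account's uid
    folder = tempfile.mkdtemp()
    db = os.path.join(folder, "sample.fdb")
    open(db, "wb").close()
    os.chmod(folder, 0o755)  # weak: anyone can list and enter the folder
    os.chmod(db, 0o644)      # weak: anyone can read (copy) the file
    weak = audit_db_file(db, uid)
    os.chmod(folder, 0o700)  # hardened: service account only
    os.chmod(db, 0o600)
    hardened = audit_db_file(db, uid)
    os.remove(db)
    os.rmdir(folder)
    return weak, hardened


if __name__ == "__main__":
    weak, hardened = demo()
    for line in weak:
        print("FINDING:", line)
    print("after chmod:", hardened or "no findings")
```

The check covers owner and mode bits only; POSIX ACLs and Windows ACLs are not inspected and need their own review.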