Subject Re: [firebird-support] Re: additional firebird security to marry a database to a server
Author Gary Benade
> Adam wrote,
>> We are having problems with database theft, and restricting access to the
>> server is out of the question. We removed all backup devices on the servers,
>> but the database is usually under 1 GIG at client level and USB memory
>> sticks are perfect for the job.
> Why is this out of the question? What a strange comment. If you have
> the ability to remove all backup devices, then why don't you have the
> ability to remove all access to one folder on the machine to everyone
> except the Firebird user?
> I don't mean to sound unfair, but the security relies on the malicious
> user not getting file access to the fdb file (just like other
> databases btw). If you can't guarantee that, then there is little
> hope. Just in case you were wondering, NO-ONE (except the user
> Firebird is installed as) requires ANY access at all to the fdb file.
> So disallow it.

Hi Adam

Thanks for your thoughts and comments.

My problem lies with the fact that not all servers can be secured, and
controlling access to a server in the wild that is not dedicated and
actually gets worked on every day is difficult if not impossible.
Controlling access to folders is fine if you have an OS that supports it,
but due to factors out of my control some of the server machines are
actually running OS's like 98. Shock horror I know, but I have to support
all my clients, even the poor ones.
Your point on low-level access is well taken and is something I totally
forgot about. The data isn't really valuable enough for a hacker of that
level to bother with, but I may as well consider it. I don't agree with your
comments on encryption and I think that I might spend some time
investigating the possibility of encrypting fields containing vital data
using some kind of reversible encryption, like Blowfish. Since the key will
be stored in my application and not the database I think/hope this will be
more than sufficient.