| Subject | RE: [firebird-support] Security |
|---|---|
| Author | Tim |
| Post date | 2005-12-02T12:16:06Z |
The other thing you need to consider is just how "under threat" is
the data? If the computers are not connected to the internet, and are
in small and well defined groups, then the chances of someone hacking
in are minimal. Think about it - someone who knows Firebird and SQL
would need to access the computer. If they try and do it while staff
are there, it would be difficult. The Dr and the Receptionist either
have the right to view the data or do not have the skill to "break
in" to the data.
So - why bother encrypting at all? I realize that the data is very
confidential : but the only people who would normally be in a
position to access the security.fdb are the people who have the right
to see the data anyway? If someone else wants to see the data, they
would either need to try and access the data while the Medical staff
are there; or try to break in after hours and steal the information.
And there are lots of other things in Drs rooms worth stealing, I
would presume.
My advice is not to worry about it. The technical skills required to
access the data anyway are not all THAT common ...
Regards
Tim
At 13:51 02/12/2005, you wrote:
the data? If the computers are not connected to the internet, and are
in small and well defined groups, then the chances of someone hacking
in are minimal. Think about it - someone who knows Firebird and SQL
would need to access the computer. If they try and do it while staff
are there, it would be difficult. The Dr and the Receptionist either
have the right to view the data or do not have the skill to "break
in" to the data.
So - why bother encrypting at all? I realize that the data is very
confidential : but the only people who would normally be in a
position to access the security.fdb are the people who have the right
to see the data anyway? If someone else wants to see the data, they
would either need to try and access the data while the Medical staff
are there; or try to break in after hours and steal the information.
And there are lots of other things in Drs rooms worth stealing, I
would presume.
My advice is not to worry about it. The technical skills required to
access the data anyway are not all THAT common ...
Regards
Tim
At 13:51 02/12/2005, you wrote:
>Well this is where my main problem lies, I developed a commercial[Non-text portions of this message have been removed]
>application via Delphi/ FireBird for doctors offices, with all their
>clients information on it. In essence it is a young product with 17
>clients at this stage. The application gets installed on the
>receptionests PC, and some of the doctors link to the central
>database via a COM interface.
>There is not alot of data-movement, mostly client related queries.
>Most of the clients are not willing to purchase another PC for this
>application because they do not feel the need to add more overheads
>(which I personally feel is a little bit silly)
>
>Thank you again for all the responses. the link "How to install
>Firebird on Windows 2003 Server and Windows XP" was much helpfull,
>and this could as well possibly be my answer on how to do it with
>minimal application changes. I just now have to figure it out per
>operating system what would be the best sollution for this scenario.
>What I am definately as well going to do is to add an encryption
>layer in the application, just before the database layer, for all
>the sensitive data.
>
>Thank you
>Johan Fourie
>www.cq.co.za
>
>-----Original Message-----
>From: firebird-support@yahoogroups.com on behalf of Si Carter
>Sent: Fri 12/2/2005 11:03 AM
>To: firebird-support@yahoogroups.com
>Cc:
>Subject: RE: [firebird-support] Security
>
>
>
>
>
> > -----Original Message-----
> > A comment was made that you can just delete the security.fdb,
> > and add your own security file?
>
> The assumption I made there was that the user has access to the
> security.fdb, there is a simple guide
>
>(<http://www.fbtalk.net/viewtopic.php?id=210)>http://www.fbtalk.net/viewtopic.php?id=210)
>for setting up FB on Windows
> Server/XP which includes details on setting permissions on
> folders, if it
> helps.
>
> > If I understand this comment correctly, Does this then mean
> > that there is NO proper security on the Firebird database? I
> > have a couple of clients with sensitive data in the Firebird
> > database, and I gave them a couple of times the assurance
> > that the information in the database is secure. But if it is
> > this the case I lied then to the users.
>
> This depends on where the server is and who has access to it.
>
> Rgds
>
> Si Carter
> <http://www.fbtalk.net/>http://www.fbtalk.net/ - Web Based
> Firebird Forum
>
><http://sourceforge.net/projects/fbutils>http://sourceforge.net/projects/fbutils
>- FBUtils
> <http://www.tectsoft.net/>http://www.tectsoft.net/ - Homepage
>
>
>
> ------------------------ Yahoo! Groups Sponsor
>
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>
> Visit
> <http://firebird.sourceforge.net>http://firebird.sourceforge.net
> and click the Resources item
> on the main (top) menu. Try Knowledgebase and FAQ links !
>
> Also search the knowledgebases at
> <http://www.ibphoenix.com>http://www.ibphoenix.com
>
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>
> Yahoo! Groups Links
>
>
>
>
>
>
>
>
>
>
>++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>
>Visit
><http://firebird.sourceforge.net>http://firebird.sourceforge.net and
>click the Resources item
>on the main (top) menu. Try Knowledgebase and FAQ links !
>
>Also search the knowledgebases at
><http://www.ibphoenix.com>http://www.ibphoenix.com
>
>++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>
>
>
>
>SPONSORED LINKS
><http://groups.yahoo.com/gads?t=ms&k=Technical+support&w1=Technical+support&w2=Computer+technical+support&w3=Compaq+computer+technical+support&w4=Compaq+technical+support&w5=Hewlett+packard+technical+support&w6=Microsoft+technical+support&c=6&s=196&.sig=-XIO8GxY6hqd3NaD5WSEyw>Technical
>support
><http://groups.yahoo.com/gads?t=ms&k=Computer+technical+support&w1=Technical+support&w2=Computer+technical+support&w3=Compaq+computer+technical+support&w4=Compaq+technical+support&w5=Hewlett+packard+technical+support&w6=Microsoft+technical+support&c=6&s=196&.sig=B29J78SYXnNTjjMFBMznqA>Computer
>technical support
><http://groups.yahoo.com/gads?t=ms&k=Compaq+computer+technical+support&w1=Technical+support&w2=Computer+technical+support&w3=Compaq+computer+technical+support&w4=Compaq+technical+support&w5=Hewlett+packard+technical+support&w6=Microsoft+technical+support&c=6&s=196&.sig=7_je1A94xs82CFXUjEqA6g>Compaq
>computer technical support
><http://groups.yahoo.com/gads?t=ms&k=Compaq+technical+support&w1=Technical+support&w2=Computer+technical+support&w3=Compaq+computer+technical+support&w4=Compaq+technical+support&w5=Hewlett+packard+technical+support&w6=Microsoft+technical+support&c=6&s=196&.sig=2zMAuRCo5cJrVBr1Bxa3_w>Compaq
>technical support
><http://groups.yahoo.com/gads?t=ms&k=Hewlett+packard+technical+support&w1=Technical+support&w2=Computer+technical+support&w3=Compaq+computer+technical+support&w4=Compaq+technical+support&w5=Hewlett+packard+technical+support&w6=Microsoft+technical+support&c=6&s=196&.sig=_ytYU7aXb57AVaeUfmvLcA>Hewlett
>packard technical support
><http://groups.yahoo.com/gads?t=ms&k=Microsoft+technical+support&w1=Technical+support&w2=Computer+technical+support&w3=Compaq+computer+technical+support&w4=Compaq+technical+support&w5=Hewlett+packard+technical+support&w6=Microsoft+technical+support&c=6&s=196&.sig=4hRo6NXYavRAbTkaYec5Lw>Microsoft
>technical support
>
>
>----------
>YAHOO! GROUPS LINKS
>
> * Visit your group
> "<http://groups.yahoo.com/group/firebird-support>firebird-support" on the web.
> *
> * To unsubscribe from this group, send an email to:
> *
> <mailto:firebird-support-unsubscribe@yahoogroups.com?subject=Unsubscribe>firebird-support-unsubscribe@yahoogroups.com
>
> *
> * Your use of Yahoo! Groups is subject to the
> <http://docs.yahoo.com/info/terms/>Yahoo! Terms of Service.
>
>
>----------