| Subject | Re: [firebird-support] Bingo! No real security there. |
|---|---|
| Author | Lester Caine |
| Post date | 2005-04-26T07:45:26Z |
Johan van Zyl wrote:
as there are users. 99% of those requirements are simply views that
because B does it A should, and we need to educate people as to how to
do the same job differently.
Personally I see no use for 'Embedded' at all and all of the effort
spent on it could be directed elsewhere, but I am in a minority, as I
also probably am in thinking that embedded encryption should only be
allowed provided that it has absolutely no impact on those of us who
work client/server with security handled by access to the server and can
be completely removed if not required! As I don't need it.
If someone has a copy of the database they can reverse engineer it even
if you encrypt it. It may make thing more difficult, but not impossible,
and so secure systems need a proper approach to physical access to the
data.
So if you are not happy with Firebird switch to something else, and live
with the problems of that instead. None of the current engines are
perfect, and I am probably not the best person to say that since I only
tinker with anything other than Firebird, but we KNOW were the problems
are, and can manage around them. In the last 5 years I have not had a
single problem on site that could not be recovered with a few minutes
work, and I have seen a number of examples in the same time frame of
other systems having major crashes that took hours/days to repair.
--
Lester Caine
-----------------------------
L.S.Caine Electronic Services
> The FireBird security issue has been reaised many times in the Clarion NG's.The main problem here is that there are as many 'must have' requirements
> I came to this forum, where the FIrebird experts hang out, to get some peace
> of mind, and report back to the Clarion community.
> Is that not OK then? Who shall we turn to - or just forget about FireBird?
as there are users. 99% of those requirements are simply views that
because B does it A should, and we need to educate people as to how to
do the same job differently.
Personally I see no use for 'Embedded' at all and all of the effort
spent on it could be directed elsewhere, but I am in a minority, as I
also probably am in thinking that embedded encryption should only be
allowed provided that it has absolutely no impact on those of us who
work client/server with security handled by access to the server and can
be completely removed if not required! As I don't need it.
If someone has a copy of the database they can reverse engineer it even
if you encrypt it. It may make thing more difficult, but not impossible,
and so secure systems need a proper approach to physical access to the
data.
So if you are not happy with Firebird switch to something else, and live
with the problems of that instead. None of the current engines are
perfect, and I am probably not the best person to say that since I only
tinker with anything other than Firebird, but we KNOW were the problems
are, and can manage around them. In the last 5 years I have not had a
single problem on site that could not be recovered with a few minutes
work, and I have seen a number of examples in the same time frame of
other systems having major crashes that took hours/days to repair.
--
Lester Caine
-----------------------------
L.S.Caine Electronic Services