Subject Re: [firebird-support] Bingo! No real security there.
Author David Johnson
Security prevents honest people from making mistakes. But, it will
never stop someone who is at a level that they are submitting to (or
reading) this list from getting the data if they have physical access to
the system chassis or even directory access to the file. It doesn't
matter if the data is on Firebird, DB2, Oracle, BTrieve, VSAM, ISAM, or
some oddball "object database".

This is something that data recovery service companies depend on to make
their money - for example when recovering the data from the secured
insurance and stock market exchange media that were damaged in 9/11.

On Tue, 2005-04-26 at 23:39 +0200, Christian G├╝tter wrote:
>
> Hi Johan,
>
> > so basicaly , all one needs to do is install the embedded version of fb and
> > the free version of ibexpert and open the fdb file. the world is your
> > oyster...
> > -pratik
>
> > Bingo! No real security there.
> > Andre
>
> please tell -pratik and Andre that they should create a directory, put
> their databases into it and limit access to the directory to the a
> Firebird Service Account and a trusted administrator.
>
> Bingo! Some real security there.
> At least against this "embedded attack" and users trying to get file
> access to your databases.
>
>
> Christian
>
>
>
>
>
>
>
> Yahoo! Groups Links
>
>
>
>
>
>
>