Subject Re: Help on administrator privileges, prevention of database copying and opening
Author Adam
--- In firebird-support@yahoogroups.com, "dpanidis" <dpanidis@...> wrote:
>
> First of all, many thanks for the many replies to my earlier question
> regarding whether the Firebird server is 'aware' as to how many databases
> it serves. The replies were that the server does not keep metadata
> track about the various databases, and that it simply serves any
> database file that it is ordered to. With that point understood, I
> have another question. I'm about to deploy an application, with a
> database which is created with a certain username and password. How am
> I to prevent anybody from copy-pasting the database file to another node
> with another Firebird installation and open it with the default
> sysdba/masterkey username-password? Is there a way that I can
> safeguard my database design and (more importantly) data since it
> contains payroll information? Is this assumption of mine correct? Does
> the .fdb file contain internally the administrator's name and
> password? Any help will be greatly appreciated, thanks in advance!
>

Once I have direct access to your fdb file, there is nothing you can
do to stop me from accessing your data. Right now, I can take a file
system copy of the database and install it on my own server and voila,
SYSDBA am I.

But even if there was something in the database file to 'lock it down'
to a particular machine, Firebird is open source and I can download
the appropriate source files to see how the file is to be read. The
file would need to be encrypted/decrypted on the fly. Of course, there
would need to be some sort of private key to make this possible, but
if I am able to just copy your database, chances are I can just copy
your private key, making the encryption a waste of time.

*Every* modern file system has user level security providing the
physical machine is not compromised (so no-one can just put a Linux
boot CD and copy some files). Use it. Firebird clients have no need to
have *ANY* access to the fdb file, so put it in a folder and deny all
users except FirebirdUser (which you have installed the Firebird
service under).

Not one of my end users can just 'copy and open' a database. Of course
the admins at the particular customer can, but they can also restore
the backup from their tapes, so there would be no point attempting to
prevent them.

Adam
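
An audit of the lock-down described in the reply above, as an added example that is not part of the original post. It assumes a POSIX host; the function names, the `payroll.fdb` file name and the use of the current uid as a stand-in for the Firebird service account are all constructed for illustration.

```python
import os
import stat
import tempfile

def audit_db_file(db_path, service_uid):
    """Return findings for a database file that only service_uid should reach."""
    findings = []
    db_path = os.path.realpath(db_path)           # audit the real file, not a symlink
    folder = os.path.dirname(db_path)
    for label, path in (("file", db_path), ("folder", folder)):
        st = os.stat(path)
        mode = stat.S_IMODE(st.st_mode)
        if st.st_uid != service_uid:
            findings.append(f"{label} {path}: owner uid {st.st_uid}, expected {service_uid}")
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append(f"{label} {path}: mode {mode:03o} lets group/other in")
    # A second hard link is another name for the same data, possibly outside the folder.
    nlink = os.stat(db_path).st_nlink
    if nlink > 1:
        findings.append(f"file {db_path}: {nlink} hard links exist")
    return findings

def demo():
    """Build a constructed layout in a temp dir and audit it at three stages."""
    root = tempfile.mkdtemp()
    folder = os.path.join(root, "data")
    os.mkdir(folder)
    db = os.path.join(folder, "payroll.fdb")      # constructed sample name
    with open(db, "wb") as fh:
        fh.write(b"constructed placeholder, not a real database")
    me = os.getuid()                               # stands in for the service account
    os.chmod(folder, 0o755)
    os.chmod(db, 0o644)                            # weak: any local user can copy it
    before = audit_db_file(db, me)
    os.chmod(folder, 0o700)
    os.chmod(db, 0o600)                            # deny everyone but the owner
    after = audit_db_file(db, me)
    os.link(db, os.path.join(root, "stray.fdb"))   # extra name outside the folder
    linked = audit_db_file(db, me)
    return before, after, linked

if __name__ == "__main__":
    for name, result in zip(("before", "after", "linked"), demo()):
        print(name, result or "OK")
```

This only checks local file-system permissions; as the reply notes, it does nothing against someone with administrative or physical access to the machine or its backups.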