Subject Re: Help on administrator privileges, prevention of database copying and opening
Author Adam
--- In, "dpanidis" <dpanidis@...> wrote:
> First of all, many thanks for the many replies to my earlier question
> regarding whether the Firebird server is 'aware' as to how many databases
> it serves. The replies were that the server does not keep metadata
> track about the various databases, and that it simply serves any
> database file that it is ordered to. With that point understood, I
> have another question. I'm about to deploy an application, with a
> database which is created with a certain username and password. How am
> I to prevent anybody from copy-pasting the database file to another node
> with another Firebird installation and open it with the default
> sysdba/masterkey username-password? Is there a way that I can
> safeguard my database design and (more importantly) data since it
> contains payroll information? Is this assumption of mine correct? Does
> the .fdb file contain internally the administrator's name and
> password? Any help will be greatly appreciated, thanks in advance!

Once I have direct access to your fdb file, there is nothing you can
do to stop me from accessing your data. Right now, I can take a file
system copy of the database and install it on my own server and voila,

But even if there was something in the database file to 'lock it down'
to a particular machine, Firebird is open source and I can download
the appropriate source files to see how the file is to be read. The
file would need to be encrypted/decrypted on the fly. Of course, there
would need to be some sort of private key to make this possible, but
if I am able to just copy your database, chances are I can just copy
your private key, making the encryption a waste of time.

*Every* modern file system has user level security providing the
physical machine is not compromised (so no-one can just put a Linux
boot CD and copy some files). Use it. Firebird clients have no need to
have *ANY* access to the fdb file, so put it in a folder and deny all
users except FirebirdUser (which you have installed the Firebird
service under).

Not one of my end users can just 'copy and open' a database. Of course
the admins at the particular customer can, but they can also restore
the backup from their tapes, so there would be no point attempting to
prevent them.
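
The file-system lockdown recommended in the reply above, as an added example that is not part of the original post: POSIX shell functions for a Unix-like host that restrict the database file and its folder to the account running the Firebird service, then audit the result. The path and the `firebird` account name in the comments are assumed placeholders (the post calls the account FirebirdUser).

```shell
#!/bin/sh
# Added example, not from the original post. Checks classic mode bits only;
# extended ACLs on the file system are not inspected.

# Print the octal permission bits of a path (GNU stat, BSD stat fallback).
perm_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 only if neither group nor other has any access to the path.
owner_only() {
    mode=$(perm_of "$1") || return 2
    case "$mode" in
        *00|0) return 0 ;;
        *)     return 1 ;;
    esac
}

# Restrict the database file and its folder to the owner.
# $1 = database path, $2 = optional service account (chown needs root).
lock_down_db() {
    db=$1
    owner=${2:-}
    dir=$(dirname "$db")
    if [ -n "$owner" ]; then
        chown "$owner" "$dir" "$db" || return 1
    fi
    chmod 700 "$dir" && chmod 600 "$db"
}

# Report whether the folder and the file are closed to everyone but the owner.
# Returns 1 if either is still reachable by group or other.
audit_db() {
    db=$1
    dir=$(dirname "$db")
    rc=0
    for p in "$dir" "$db"; do
        if owner_only "$p"; then
            echo "ok:   $p ($(perm_of "$p"))"
        else
            echo "open: $p ($(perm_of "$p")) is accessible beyond its owner"
            rc=1
        fi
    done
    return $rc
}

# Typical use as root, with assumed placeholder names:
#   lock_down_db /srv/firebird/data/payroll.fdb firebird
#   audit_db     /srv/firebird/data/payroll.fdb
```

Clients keep connecting through the Firebird server process, so they are unaffected by the tightened permissions; only direct file access is closed off.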