Subject Re: Embedded Firebird Security - Basic Questions
Author Adam
--- In firebird-support@yahoogroups.com, Paul Vinkenoog <paul@...> wrote:
>
> Hi Pri,
>
> > 1. I am new to Firebird, and want to use Firebird embedded. So, my
> > application is easier to deploy. What I need is just a few Firebird
> > DLLs (fbembed, etc).
> >
> > -> Am I correct?
>
> Yes, look in the Release Notes for the exact details.
>
>
> > 2. How about the security in embedded firebird? Anyone can copy the
> > file (if they have filesystem access) and open it using various
> > tools.
>
> Yes, but please understand that this is the case with ALL Firebird
> databases. There's no such thing as a "Firebird Embedded" database as
> opposed to other Firebird databases.
>
> The difference with Embedded is that the server security check is
> bypassed. Anyone can connect as any user, with any password, but they
> MUST have filesystem access to the database file.
>
> With regular Firebird servers, the users don't need (and indeed should
> not have) filesystem access to the database file.
>
>
> > Any idea to protect data in the database itself? No matter people
> > can copy the database, if they cannot open it.
>
> Firebird has no data encryption features. If you want to protect your
> data in case someone gets hold of the database, encrypt sensitive data
> before you feed them to the database.
>
>
> Greetings,
> Paul Vinkenoog
>

Hi Pri,

If you grant someone file system access to either a Firebird database
file or a Firebird backup, then they can make themselves a SYSDBA.
Read Geoff Worboys' paper, which addresses this and several other issues.

http://www.firebirdsql.org/manual/fbmetasecur.html

If your security requirement means that "No matter people
can copy the database, if they cannot open it", then embedded is not a
good choice. A terminal services delivery model is a good way to get
the ease of deployment with the security of no filesystem access to
the database by untrusted users.

Adam
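
Paul's suggestion above, to encrypt sensitive data before it is fed to the database, shown as an added example that is not part of the original thread and is not Firebird code. It assumes AES-256-GCM (the choice made for this example) with a key kept outside the database file, and the table, column and key names are hypothetical. Each value is bound to its row and column, so someone who opens a copied file as SYSDBA can neither read the field nor move it to another row undetected.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// NewFieldCipher builds AES-GCM; a 32-byte key selects AES-256 (assumed to live outside the .fdb file).
func NewFieldCipher(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// aad binds a value to its table, column and primary key (quoted, so unambiguous).
func aad(table, column, pk string) []byte {
	return []byte(fmt.Sprintf("%q.%q#%q", table, column, pk))
}

// SealField returns nonce||ciphertext||tag, ready to store in a binary column.
func SealField(c cipher.AEAD, table, column, pk string, plain []byte) ([]byte, error) {
	nonce := make([]byte, c.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return c.Seal(nonce, nonce, plain, aad(table, column, pk)), nil
}

// OpenField fails if the blob was altered or moved to another row or column.
func OpenField(c cipher.AEAD, table, column, pk string, blob []byte) ([]byte, error) {
	n := c.NonceSize()
	if len(blob) < n+c.Overhead() {
		return nil, errors.New("stored value too short")
	}
	return c.Open(nil, blob[:n], blob[n:], aad(table, column, pk))
}

func main() {
	c, _ := NewFieldCipher(make([]byte, 32)) // constructed all-zero demo key, never use in production
	blob, _ := SealField(c, "CUSTOMER", "CARD_NO", "42", []byte("constructed sample"))
	_, err := OpenField(c, "CUSTOMER", "CARD_NO", "43", blob) // same blob read back from another row
	fmt.Println("moved value rejected:", err != nil)
}
```

The protection holds only while the key is not readable alongside the database file; a key shipped in the same directory as an embedded deployment gives the copier both.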