| Subject | Re: [firebird-support] Re: Embedded Firebird Security - Basic Questions |
|---|---|
| Author | Noprianto |
| Post date | 2006-05-20T08:36:24Z |
Hi Paul,
Hi Adam
Thanks for the replies.
In my case, filesystem level permission is not
applicable. My client have to create a simple business
application, where the data is in one file. So i
search for Sqlite and Firebird, and found that
firebird has a lot of features, and definitely become
my choice.
I will not use MS Access Database, since the
application it self has to be multiplatform.
If the database is shared between few computers (and
means that all of them must have read/write
permission), my only choice would be encrypt the data
before i store in the database. (thanks Paul).
But, then people who stole the database can look at
the database structure?
Any other opinion?
--- Adam <s3057043@...> wrote:
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
Hi Adam
Thanks for the replies.
In my case, filesystem level permission is not
applicable. My client have to create a simple business
application, where the data is in one file. So i
search for Sqlite and Firebird, and found that
firebird has a lot of features, and definitely become
my choice.
I will not use MS Access Database, since the
application it self has to be multiplatform.
If the database is shared between few computers (and
means that all of them must have read/write
permission), my only choice would be encrypt the data
before i store in the database. (thanks Paul).
But, then people who stole the database can look at
the database structure?
Any other opinion?
--- Adam <s3057043@...> wrote:
> --- In firebird-support@yahoogroups.com, Paul__________________________________________________
> Vinkenoog <paul@...> wrote:
> >
> > Hi Pri,
> >
> > > 1. I am new to firebird, and want to use
> firebird embedded. So, my
> > > application is easier to deploy. What i need is
> just few firebird
> > > dll (fbembed, etc).
> > >
> > > -> Am i correct?
> >
> > Yes, look in the Release Notes for the exact
> details.
> >
> >
> > > 2. How about the security in embedded firebird?
> Anyone can copy the
> > > file (if they have filesystem access) and open
> it using various
> > > tools.
> >
> > Yes, but please understand that this is the case
> with ALL Firebird
> > databases. There's no such thing as a "Firebird
> Embedded" database as
> > opposed to other Firebird databases.
> >
> > The difference with Embedded is that the server
> security check is
> > bypassed. Anyone can connect as any user, with any
> password, but they
> > MUST have filesystem access to the database file.
> >
> > With regular Firebird servers, the users don't
> need (and indeed should
> > not have) filesystem access to the database file.
> >
> >
> > > Any idea to protect data in the database itself?
> No matter people
> > > can copy the database, if they cannot open it.
> >
> > Firebird has no data ecryption features. If you
> want to protect your
> > data in case someone gets hold of the database,
> encrypt sensitive data
> > before you feed them to the database.
> >
> >
> > Greetings,
> > Paul Vinkenoog
> >
>
> Hi Pri,
>
> If you grant someone file system access to either a
> firebird database
> file or a firebird backup, then they can make
> themselves a SYSDBA.
> Read Geoff Worboys paper which addresses this and
> several other issues.
>
> http://www.firebirdsql.org/manual/fbmetasecur.html
>
> If your security requirement means that "No matter
> people
> can copy the database, if they cannot open it", then
> embedded is not a
> good choice. A terminal services delivery model is a
> good way to get
> the ease of deployment with the security of no
> filesystem access to
> the database by untrusted users.
>
> Adam
>
>
>
>
>
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com