Subject | Re: [firebird-support] Re: Embedded Firebird Security - Basic Questions |
---|---|
Author | Noprianto |
Post date | 2006-05-21T03:28:36Z |
Hi Adam,
> Hmm, that is a very hard requirement to meet. You want it impossible
> for a malicious person to gain access to your data yet you have
> eliminated the possibility of protecting the private key on the file
> system. You have also put restrictions on the data access that says
> that the client application (report engine in this case) must have the
> ability to run arbitrary queries and not have to decrypt it.

Yes. But I am trying to 'compromise' and see how I can
make it a simpler requirement :)

> If the user knows the key, then why is any security required? After
> all, if they are malicious, they can use the key that they know to
> unlock it when they need to access or manipulate data.

I see, I see :) So, if I implement this kind of
security, then I must not let the users know the key.
Thanks :)

> Stupid is too strong a word, it is a common mistake when coming from
> a desktop database to think that tables must be shared. Think of the
> server as an agent. The client application is not allowed to read from
> the file, nor is it allowed to write to the file, only the agent can
> do that. All the client application can do is to ask the agent to do
> something (via a SQL query). So the agent needs complete access to the
> file, but the client application only needs access to the agent. You
> can take this even further by developing a data abstraction layer, a
> service that is allowed to connect to the agent and your client
> application must then go through that data abstraction layer. (Like
> having a client talking to an agent which talks to another agent which
> finally reads or writes to the file.)

I totally agree. But, in a very simple application,
using a server-based database would make it so
complicated, particularly when some trouble arises.
Let's say, if the Firebird server is halted, but the users don't
know, then he/she has to start it up again. But not
all users have this skill.

> Access doesn't have this problem?
>
> Google for data recovery from MS Access if you think it is really
> bullet proof. If you want it to be "as secure" as MS Access (but do
> not confuse this with secure), then you should be able to emulate it
> using some third party file system level encryption utility, of which
> there are many.

Hehehe :) Thanks :) I used to think that MS Access DB
is cool:
- single file (although it needs MDAC to access)
- has password protection (although easily
crackable)
- can be shared using SMB
Maybe not all of these 'features' are correct. But,
however, I see people are doing that.

> I also wrote a paper a while back that actually started from a similar
> question. It contains attack vectors that you may want to also consider.
>
> http://www.fbtalk.net/viewtopic.php?id=290

Thank you very much. I am reading it now. Thank you.

Regards,
Pri
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
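
The agent and data abstraction layer described in the quoted reply above, as an added example that is not code from either poster or from Firebird: only the agent holds the database handle, and the client can only name an allow-listed operation and supply parameters. Assumptions: Python's `sqlite3` with an in-memory database stands in for the database file, and the class name, operation names and rows are constructed for illustration.

```python
import sqlite3


class ReportAgent:
    """Hypothetical data abstraction layer: the only code that opens the database.

    Clients never send SQL. They name an operation and pass parameters.
    """

    # Allow-list: operation name -> (fixed SQL text, required parameter names)
    _OPERATIONS = {
        "orders_by_customer": (
            "SELECT id, total FROM orders WHERE customer = :customer ORDER BY id",
            ("customer",),
        ),
        "total_sales": ("SELECT SUM(total) FROM orders", ()),
    }

    def __init__(self):
        # Stand-in for the database file that only the agent may read or write.
        self._db = sqlite3.connect(":memory:")
        self._db.execute(
            "CREATE TABLE orders (id INTEGER PRIMARY KEY, customer TEXT, total INTEGER)"
        )
        self._db.executemany(
            "INSERT INTO orders (customer, total) VALUES (?, ?)",
            [("alice", 120), ("bob", 75), ("alice", 30)],  # constructed sample rows
        )

    def request(self, operation, **params):
        """Run one allow-listed operation; reject anything else."""
        if operation not in self._OPERATIONS:
            raise PermissionError(f"operation not allowed: {operation!r}")
        sql, required = self._OPERATIONS[operation]
        if set(params) != set(required):
            raise ValueError(f"{operation} expects parameters {required}")
        # Parameters are bound as data, so they cannot change the SQL text.
        return self._db.execute(sql, params).fetchall()


if __name__ == "__main__":
    agent = ReportAgent()
    print(agent.request("orders_by_customer", customer="alice"))
    print(agent.request("total_sales"))
    try:
        agent.request("SELECT * FROM orders")  # raw SQL is not an operation name
    except PermissionError as exc:
        print("rejected:", exc)
```

With this split the client needs no database credential or key at all; whatever protects the file is known only to the agent process.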