Subject Re: protecting firebird's database
Author Adam
--- In, "kevtey" <kevtey@...> wrote:
> hi i would like to know is there any possible ways that i can protect
> my firebird database from unauthorised user.
> currently the database (*.fdb) is stored in a networked pc. alot of
> people have the access to it. but not all of them has the right to
> access it. due to lack of security anyone can just copy out the fdb
> any open it up at their workstation or home.
> is there any way that i can protect this? either directly protect the
> data (encryption) or the database?

It is the same with any dbms from Oracle down to Access. If you give
someone physical access to the database file, they can do as they
please, regardless of the mechanisms you put in place to try and avoid
it. How do you think these 'data recovery' services actually do half
their work?

Fortunately with Firebird there is no need to grant any user other
than the user that the service is installed as any access whatsoever
to the fdb file.

Presumably you mean that there is a simple share that everyone has
access to. If this is the case, place the file in a folder somewhere
above the share. All the encryption in the world won't help if you
have access to a network share to the file, because even if it is
encrypted on disk, it will be decrypted when it is copied.

Also, given that Firebird is open source, one could recompile their
own version of the server engine to not include whatever encryption
you put in at the storage layer. It is a lost cause from the outset.