Subject Re: protecting firebird's database
Author kevtey
thanks for the information.
my co worker concern is the data is vulnerable if let say someone are
able to copy the fdb out. coz after that they can view all the
information. he told me that for mysql if someone copy the database
file its harder for them to open the db and see the data. im not sure
about this.

anyway i will try to do a encryption module in my application so that
it will encrypt the data before its being stored into the db.

thanks for the information.

--- In, "Adam" <s3057043@...> wrote:
> --- In, "kevtey" <kevtey@> wrote:
> >
> > hi i would like to know is there any possible ways that i can protect
> > my firebird database from unauthorised user.
> >
> > currently the database (*.fdb) is stored in a networked pc. alot of
> > people have the access to it. but not all of them has the right to
> > access it. due to lack of security anyone can just copy out the fdb
> > any open it up at their workstation or home.
> >
> > is there any way that i can protect this? either directly protect the
> > data (encryption) or the database?
> >
> It is the same with any dbms from Oracle down to Access. If you give
> someone physical access to the database file, they can do as they
> please, regardless of the mechanisms you put in place to try and avoid
> it. How do you think these 'data recovery' services actually do half
> their work?
> Fortunately with Firebird there is no need to grant any user other
> than the user that the service is installed as any access whatsoever
> to the fdb file.
> Presumably you mean that there is a simple share that everyone has
> access to. If this is the case, place the file in a folder somewhere
> above the share. All the encryption in the world won't help if you
> have access to a network share to the file, because even if it is
> encrypted on disk, it will be decrypted when it is copied.
> Also, given that Firebird is open source, one could recompile their
> own version of the server engine to not include whatever encryption
> you put in at the storage layer. It is a lost cause from the outset.
> Adam