Subject Re: protecting firebird's database
Author Adam
--- In firebird-support@yahoogroups.com, "kevtey" <kevtey@...> wrote:
>
> Thanks for the information.
> My co-worker's concern is that the data is vulnerable if, let's say,
> someone is able to copy the fdb out.

Your co-worker is 100% right!

> Because after that they can view all the
> information. He told me that for MySQL, if someone copies the database
> file, it's harder for them to open the db and see the data. I'm not sure
> about this.

Is he willing to email me the files? ;)
(Don't, it was rhetorical)

Your co-worker is mistaken if he or she thinks that MySQL
automagically provides this protection.

I know there is one MySQL storage engine that hard codes the file
system location in its header, but that is hardly going to stop anyone
with more than 10 minutes googling for a tool to change it.

Other documents also suggest that you should encrypt the folder to the
particular Windows user running the service. Of course if the user has
access to the file, then they have access to the file.

http://dev.mysql.com/tech-resources/articles/securing_mysql_windows.html

You can do more to compromise a database if you have file system level
access to the file, especially if you can get a time when the engine
does not have a write lock.

>
> Anyway, I will try to do an encryption module in my application so that
> it will encrypt the data before it's stored in the db.

That approach is safer; however, you are still storing your private key
in the application somewhere, which means it is possible to reverse it
out. It is a good approach where there is information you don't want
the DBA to unintentionally read.

http://www.firebirdsql.org/manual/fbmetasecur.html

But securing it can be a breeze: just don't give the user file system
access to the file. They don't need it ever.

Adam
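
An added example, not part of the original post: a POSIX-only audit that checks whether a database file is reachable at the file-system level by anyone other than the server's service account, which is the condition the closing advice asks for. The function name, the `allowed_uids`/`allowed_gids` parameters and the sample file are assumptions for illustration; Windows ACLs are not covered.

```python
import os
import stat
import tempfile


def audit_db_file(path, allowed_uids, allowed_gids=frozenset()):
    """Return findings for a database file; an empty list means no issue found.

    allowed_uids / allowed_gids: numeric ids of the database service account
    (hypothetical parameters; look up the real ids on your own host).
    """
    findings = []
    st = os.stat(path)
    if st.st_uid not in allowed_uids:
        findings.append(f"{path}: owner uid {st.st_uid} is not the service account")
    # Group access is acceptable only for a group reserved for the service.
    if st.st_mode & (stat.S_IRGRP | stat.S_IWGRP) and st.st_gid not in allowed_gids:
        findings.append(f"{path}: group gid {st.st_gid} can read or write")
    # Any 'other' read bit means every local account can copy the file out.
    if st.st_mode & (stat.S_IROTH | stat.S_IWOTH):
        findings.append(f"{path}: other users can read or write")
    # A world-writable directory without the sticky bit lets any local
    # account rename or replace the file, whatever the file's own mode is.
    parent = os.path.dirname(os.path.abspath(path))
    pst = os.stat(parent)
    if pst.st_mode & stat.S_IWOTH and not pst.st_mode & stat.S_ISVTX:
        findings.append(f"{parent}: directory is world-writable without sticky bit")
    return findings


if __name__ == "__main__":
    # Constructed sample: an empty file standing in for a database file.
    workdir = tempfile.mkdtemp()
    sample = os.path.join(workdir, "sample.fdb")
    open(sample, "wb").close()
    owner = {os.stat(sample).st_uid}

    os.chmod(sample, 0o644)  # weak: readable by every local account
    print("0644:", audit_db_file(sample, owner))

    os.chmod(sample, 0o600)  # only the owning account can open it
    print("0600:", audit_db_file(sample, owner))
```
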