Subject | Re: protecting firebird's database |
---|---|
Author | Adam |
Post date | 2006-07-12T04:30:46Z |
--- In firebird-support@yahoogroups.com, "kevtey" <kevtey@...> wrote:
> thanks for the information.
> my co-worker's concern is the data is vulnerable if, let's say, someone is
> able to copy the fdb out.
> coz after that they can view all the
> information.

Your co-worker is 100% right!

> he told me that for mysql if someone copies the database
> file it's harder for them to open the db and see the data. I'm not sure
> about this.

Is he willing to email me the files ;)

(Don't, it was rhetorical)

Your co-worker is mistaken if he or she thinks that MySQL
automagically provides this protection.

I know there is one MySQL storage engine that hard codes the file
system location in its header, but that is hardly going to stop anyone
with more than 10 minutes googling for a tool to change it.

Other documents also suggest that you should encrypt the folder to the
particular Windows user running the service. Of course if the user has
access to the file, then they have access to the file.

http://dev.mysql.com/tech-resources/articles/securing_mysql_windows.html

You can do more to compromise a database if you have file system level
access to the file, especially if you can get a time when the engine
does not have a write lock.

> anyway i will try to do an encryption module in my application so that
> it will encrypt the data before it's being stored into the db.

That approach is safer, however you are still storing your private key
in the application somewhere, which means it is possible to reverse it
out. It is a good approach where there is information you don't want
the DBA to unintentionally read.

http://www.firebirdsql.org/manual/fbmetasecur.html

But securing it can be a breeze, just don't give the user file system
access to the file. They don't need it ever.

Adam
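
The advice that closes the post above (users never need file system access to the database file) can be checked mechanically. This is an added example, not part of the original post or of Firebird's own tooling; it assumes a POSIX host, and `audit_db_file` and `service_uid` are hypothetical names chosen here.

```python
import os
import stat
import sys

def audit_db_file(path, service_uid):
    """List ways an account other than service_uid could reach the file.

    service_uid is assumed to be the uid the database engine runs as.
    """
    findings = []
    st = os.stat(path)
    if st.st_uid != service_uid:
        findings.append(f"{path}: owner uid {st.st_uid}, expected {service_uid}")
    if st.st_mode & stat.S_IRWXO:
        findings.append(f"{path}: open to 'other' ({stat.filemode(st.st_mode)})")
    if st.st_mode & stat.S_IRWXG:
        findings.append(f"{path}: open to gid {st.st_gid}, review its members")
    # A directory that others can write to lets them rename or replace
    # the file even when the file's own mode is tight (sticky bit aside).
    parent = os.path.dirname(os.path.abspath(path))
    pst = os.stat(parent)
    if pst.st_mode & stat.S_IWOTH and not pst.st_mode & stat.S_ISVTX:
        findings.append(f"{parent}: writable by 'other'")
    return findings

if __name__ == "__main__":
    # Usage: audit.py /path/to/database.fdb <uid of the service account>
    problems = audit_db_file(sys.argv[1], int(sys.argv[2]))
    print("\n".join(problems) or "no findings")
    sys.exit(1 if problems else 0)
```

Mode bits are only part of the picture: POSIX ACLs, backups and copies of the file need the same restriction.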