Subject Re: how developers can protect Firebird's database
Author Adam
--- In firebird-support@yahoogroups.com, "Erley" <erleydoc@...> wrote:
>
> Hello,
>
> I'd like to know how developers can protect Firebird's database
> against unauthorized users
> connecting to databases from distributed systems.

There are a number of ways depending on whom you are protecting it
from. These span from using a VPN or secure tunnel to limit who can
connect to your server, to using some data access layer in a DMZ zone.

> I found an article on the Internet with some instructions to create a
> user for database maintenance
> and create a role for the SYSDBA user and other things

That is a bit of a hack. Someone with enough knowledge could get
around that, but it may be enough to stop curious users.

> but this is not
> enough because if someone
> has a copy of my database they can edit the .fdb file and look for the
> user name that has database
> access and connect to that database.

Whoa, game over.

If they have your fdb file, there is nothing you can do. There is no
reason that a client workstation requires any access to the fdb file
at all.

> I'm talking about an application that will be installed on client's
> machines so users will
> have access to my firebird file (.fdb)

You may be able to use an encrypted volume, but you still have the
same problem because you need to provide the private keys to the
client to work with the database. Think about that very carefully, because
if the users get their hands on that, it might as well not be
encrypted. This is true of any file, not just a Firebird database.

Another option is terminal services, where distributed sites remote
desktop into a server that can be appropriately locked down.

Adam