Subject Re: [firebird-support] Embedded and "security"
Author Paul Vinkenoog
Hello kogerbnz,

> I'm very very new to Firebird, I'm still trying to figure out what
> version I should use. At first I thought the embedded version was
> just what I needed, since I will only have direct access to the
> database from the same computer as where the database file is located.
> I would then benefit from a small and easy distribution.
> But I would also like just a little security, so that not anybody who
> has access to the database file could read it by logging in as sysdba
> and a dummy password.
> Is there any good or even bad protection to be made when using the
> embedded version?

If someone has access to the database file, they can get to the data
regardless of the type of Firebird server. With embedded they only
have to connect; with client-server they can copy the file to a
machine under their control and connect (or copy the Fb embedded files
to the original machine and connect).

Basically, if you opt for the embedded model, the only way to protect
your database is by setting permissions on the database file.

In the client-server model, the database files should be inaccessible
to normal users. The communication goes via the server; access is
controlled through Firebird user names + passwords, and permissions on
the objects within the databases.

Of course you can also encrypt the data before entering them into the
database. Firebird doesn't support this actively; it has to be done by
the application.

If you want to delve deeper into this subject, here's a good paper
about Firebird security (HTML and PDF versions):

http://www.firebirdsql.org/manual/fbmetasecur.html
http://www.firebirdsql.org/pdfmanual/Firebird-Security.pdf


Hope this helps,
Paul Vinkenoog
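
The file-permission approach described in the reply above, as an added example that is not part of the original message or of Firebird itself: a Python check that reports when a database file is reachable by accounts other than its owner, and then tightens it. It assumes a POSIX system, a directory that holds only the application's data, and a hypothetical file name `app.fdb`; the sample file is constructed.

```python
import os
import stat
import tempfile

def audit_db_file(path):
    """Return findings for a database file that users other than its owner can reach."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRGRP | stat.S_IWGRP):
        findings.append("group members can read or write the file")
    if mode & (stat.S_IROTH | stat.S_IWOTH):
        findings.append("any local user can read or write the file")
    # Write access to the directory allows replacing the file even when
    # the file's own mode is tight, so check the parent as well.
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if parent.st_mode & stat.S_IWOTH and not parent.st_mode & stat.S_ISVTX:
        findings.append("parent directory is world-writable without sticky bit")
    return findings

def harden_db_file(path):
    """Restrict the file to its owner (0600) and its directory to 0700.

    Assumption: the directory is dedicated to this application's data.
    """
    os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
    os.chmod(os.path.dirname(os.path.abspath(path)), stat.S_IRWXU)

def demo():
    """Constructed sample: a stand-in database file created world-readable."""
    with tempfile.TemporaryDirectory() as d:
        db = os.path.join(d, "app.fdb")  # hypothetical file name
        with open(db, "wb") as f:
            f.write(b"not a real database")
        os.chmod(db, 0o644)  # typical default: readable by everyone
        before = audit_db_file(db)
        harden_db_file(db)
        after = audit_db_file(db)
        return before, after

if __name__ == "__main__":
    before, after = demo()
    print("before:", before)
    print("after: ", after)
```

The check only covers other operating-system accounts; the account that runs the application can still read the file, which is where the application-level encryption mentioned in the reply comes in.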