Subject | Re: [firebird-support] how to protect DATA |
---|---|
Author | Alexandre Benson Smith |
Post date | 2007-07-11T22:23:46Z |
jesus martinez wrote:
> hello!
>
> i am developing a win32 application that uses
> FB-embedded version v2.0.1
>
> that application is a program that only let users
> to make "complex" SELECTs to the database
> (there are no inserts, updates or deletes)
>
> the data of the database is currently being stored
> using "SYSDBA/masterkey".
>
Not so important, since if the database could be copied to another
machine, it could be opened with a valid user/password on that machine.
> since this application will be delivered to different
> clients, people who are storing data (confidential) are
> afraid of being stolen. (i mean, anyone can open the
> database and extract the information)
>
Yes, if someone could get the physical file, he/she would be allowed to
see the data.
> unfortunately i didn't find how to encrypt FB record,
> it can't be done, right ?
>
You should do it on your own. FB has no internal encrypt method.
But if you would encrypt the data then the encrypt/decrypt key would be
hard coded on your app ? How easy would it be for someone to reverse engineer
your app to know the key ? If the key would be provided at app
start-up time, it would give more security, but be aware that you will
lose the ability to search with inequality operators (<>, >, <) since
once encrypted only equality means something. Perhaps you could use a
UDF to decrypt the data, but your searches would be natural (no index used).
> so, how can i protect the records ?
>
Encrypt
> after storing the data, do i have to delete sysdba
> username ?
>
It offers no practical security
> do i have to set tables to be only accessible by
> another user ?
>
Offers no practical security, since a malicious guy could recompile FB
without the security check for grants
> may i change the user who has access to the records
> after storing them with sysdba ?
>
The same as above
> will the new configuration remain using embedded
> version of FB ?
>
>
I do not understand what you mean here
> to create the database i exec this script:
>
> CREATE DATABASE 'C:\test.fdb'
> USER 'SYSDBA' PASSWORD 'masterkey'
> PAGE_SIZE = 4096
> DEFAULT CHARACTER SET ISO8859_1;
>
> connect 'C:\test.fdb'
> USER 'SYSDBA' PASSWORD 'masterkey';
>
> CREATE TABLE NEW_TABLE1 (
> FIELD1 SMALLINT NOT NULL
> );
>
> ALTER TABLE NEW_TABLE1 ADD PRIMARY KEY (FIELD1);
>
> then i store hundred of records.
>
> is this ok ? or i have to create the database
> using another dba ?
>
>
Does not change the scenario.
> i want that record not to be accessible to anybody
> instead of somebody that has the correct password
> (i mean, also if he copies the db file into another
> computer)
>
Only if you encrypt your data in some way.
> thanks in advance,
> j.-
>
>
see you !
--
Alexandre Benson Smith
Development
THOR Software e Comercial Ltda
Santo Andre - Sao Paulo - Brazil
www.thorsoftware.com.br
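
The reply above notes that a key supplied at application start-up is safer than one hard-coded in the app, and that once a column is encrypted only equality searches remain meaningful. The following is an added example, not code from the thread or from Firebird: it shows the search side of that trade-off using a keyed HMAC token as the stored, comparable form of FIELD1 (a swapped-in technique, not a cipher). SQLite's in-memory database stands in for the Firebird file, and the passphrase, salt and function names are constructed for the example.

```python
import hashlib
import hmac
import sqlite3

SALT = b"constructed-salt"  # constructed sample value, stored beside the database

def derive_key(passphrase: str) -> bytes:
    # Key is derived from what the user types at start-up, not a constant in the app.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), SALT, 200_000)

def eq_token(key: bytes, value: int) -> str:
    # Deterministic keyed token: same key and value always give the same token.
    return hmac.new(key, str(value).encode(), hashlib.sha256).hexdigest()

def build_db(key: bytes, values) -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")  # assumption: stand-in for the Firebird file
    db.execute("CREATE TABLE new_table1 (field1_tok TEXT PRIMARY KEY)")
    db.executemany("INSERT INTO new_table1 VALUES (?)",
                   [(eq_token(key, v),) for v in values])
    return db

def find_equal(db, key: bytes, value: int) -> bool:
    # Equality survives: recompute the token and do an indexed lookup.
    row = db.execute("SELECT 1 FROM new_table1 WHERE field1_tok = ?",
                     (eq_token(key, value),)).fetchone()
    return row is not None

def order_preserved(key: bytes, values) -> bool:
    # <, > and ORDER BY need tokens to sort like the plaintext; they do not.
    return sorted(values, key=lambda v: eq_token(key, v)) == sorted(values)

if __name__ == "__main__":
    values = range(1, 101)                  # constructed sample rows
    key = derive_key("typed at start-up")   # constructed passphrase
    db = build_db(key, values)
    print(find_equal(db, key, 42))
    print(find_equal(db, derive_key("wrong guess"), 42))
    print(order_preserved(key, values))
```

Deterministic tokens reveal which rows hold equal values, so they suit lookup columns only; the data itself would go in a separate column encrypted with a randomized authenticated cipher.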