Subject RE: [firebird-support] Re: Undocumented internal encrypt/decrypt in FB
Author Dean Harding
> Or someone who has administrative privileges (=everyone who has physical

> access to the machine) and knows that it is enough to replace the security

> database with his custom one.



NTFS encryption, as outlined in my previous email, is "safe" from the
administrator. The file is encrypted with the password of the user who owns
the file so even if the administrator took ownership of the file, or changed
the user's password the file would still be inaccessible. In fact, if the
administrator changed the user's password, the file would be inaccessible to
everybody!



So, as I said in my previous email, you simply set up your application to
run as a service, under the a user account with a random password (that you
generate at install time and then discard) you should be good to go (it's up
to you to secure the communication between your client and the service, of
course)



Dean.



[Non-text portions of this message have been removed]