|Subject||Re: Undocumented internal encrypt/decrypt in FB|
> SYSDBA still exists though, and even if it is not the owner of theYou need full access to PC, a running firebird server + dongle and
> database or the objects within. SYSDBA can backup the database. If the
> user does not know the SYSDBA password, then that attack vector is
> minimised (although there is only so much strength in an 8 character
should be able to retrieve user/owner name and password. In this case
you get a working backup file.
If my security needs would be higher/stronger then I would
disable/change the service api for the backup process. Without that my
approach does not need to change the firebird code base.
> I was not talking about your encrypted sandboxed gbak. Have youThere is only a patched version of firebird server. All other tools
including gbak are original one.
> removed the networking code from your custom fbserver? If not, I canYou need a valid connection info to do this.
> use ProcessExplorer to see what TCP/IP ports you are listening to. I
> can download the standard gbak from one of the download kits, and
> backup the database through using your fbserver as the proxy. I can