| Subject | Re: How to hide the database structure from prying eyes? |
|---|---|
| Author | Adam |
| Post date | 2008-10-15T22:42:59Z |
> I was just wondering that in the 21st century, when there are codeobfuscators and sophisticated security/encoding mechanisms everywhere,
why on Earth is it such a big deal to make a DB unaccessible to intruders?
>development has ever encountered this issue before... Is this the same
> I mean I can't believe that no one who does serious software
for other enterprise level databases or is it just a "Firebird feature"?
>I can appreciate your rant, but you must understand that the one thing
worse than lacking security is believing you have achieved security
when you have not.
The sorts of measures you have suggested are akin to thinking your car
is secure because you parked it behind a tree where hopefully no-one
pays enough attention to notice there is a car to steal.
I will not post any links here, but you must be thinking about some
particular DBMS with a "password" feature. Now open google in another
tab and search for [dbms name] password recover, download the first
tool that comes up, install it in a VM (in case it is malware ridden),
and then demonstrate your uber hacking skills.
To your point on obfuscators, um, how do you propose obscuring the
code in an open source project? It is of course a logical
impossibility, and if a make-believe perception of security is
something useful for you, then you are free to fork the I/O in
Firebird to create your own. Anything done on a wider scale is no
longer obscure.
The problem is not however in which encryption algorithm to use. If I
understand correctly, this would not be very difficult to implement,
but the key management becomes critical. In other words, your database
is secure only if no-one can recover your database key without
expending more effort than the data is worth. Here you strike a problem.
The database server must know the key to read and write to the
database file (obviously). Who is going to tell the it? Your
application; well sure providing a nasty user doesn't replace your
Firebird server with one that dumps the encryption key to a log file
as soon as your application provides it. And if a project such as
Firebird officially supported built in encryption, you would measure
in days the time before someone released such a build.
Btw, deleting your trigger / SP source doesn't make it unreadable, it
is possible to reverse the logic from BLR. It just makes it more
difficult.
The following document explains much better than me the challenges in
achieving what you believe to be such triviality.
http://www.firebirdsql.org/manual/fbmetasecur.html
Adam