| Subject | Re: [firebird-support] How to hide the database structure from prying eyes? |
|---|---|
| Author | Nigel Weeks |
| Post date | 2008-10-15T22:49:22Z |
Well, there may be a possibility to obfuscate a database by taking a backup, and
running a tool over the backup file to rename every table, field, trigger and
stored procedure name.
Depends a lot on your application, and whether it's interpreted, and could
survive a substitution filter running over it.
i.e
change every occurance of contacttable to x4hha832b in the backup file
change every occurance of contacttable to x4hha832b in the sources of your
application
Iterate through for every object in the database, lining it up with your source
code as well...
It's not going to protect the structure, but gosh, it'll make it awful to work in.
....Don't rip me to shreds - it's just an idea! :-)
Nige.
running a tool over the backup file to rename every table, field, trigger and
stored procedure name.
Depends a lot on your application, and whether it's interpreted, and could
survive a substitution filter running over it.
i.e
change every occurance of contacttable to x4hha832b in the backup file
change every occurance of contacttable to x4hha832b in the sources of your
application
Iterate through for every object in the database, lining it up with your source
code as well...
It's not going to protect the structure, but gosh, it'll make it awful to work in.
....Don't rip me to shreds - it's just an idea! :-)
Nige.
> Thanks for the code!
> And thanks to tomkrej too for the other example!
>
> <rant>
>
> I was just wondering that in the 21st century, when there are code obfuscators
> and sophisticated security/encoding mechanisms everywhere, why on Earth is it
> such a big deal to make a DB unaccessible to intruders?
>
> I mean I can't believe that no one who does serious software development has
> ever encountered this issue before... Is this the same for other enterprise
> level databases or is it just a "Firebird feature"?
>
> Protecting their own code should be a high-level priority for every software
> developer!
>
> </rant>
>
> ----- Original Message -----
> From: Carlos H. Cantu
> To: Zd
> Sent: Wednesday, October 15, 2008 10:02 PM
> Subject: Re: [firebird-support] How to hide the database structure from prying
> eyes?
>
>
> Z> How exactly do I hide the triggers and stored procedures? Guess
> Z> that would be better than nothing!
>
> To hide source of procedures:
>
> UPDATE rdb$procedures
> SET rdb$procedure_source = NULL
> WHERE ((rdb$system_flag = 0) OR (rdb$system_flag IS NULL))
>
> To hide source of triggers:
>
> UPDATE rdb$triggers a
> SET rdb$trigger_source = NULL
> WHERE ((rdb$system_flag = 0)
> OR (rdb$system_flag IS NULL))
> AND NOT EXISTS(
> SELECT rdb$trigger_name FROM rdb$check_constraints
> WHERE rdb$trigger_name=a.rdb$trigger_name)
>
> For obvious reason, take care to not apply it in your "master"
> database (the one you use for development).
>
> Carlos
> http://www.firebirdnews.org
> FireBase - http://www.FireBase.com.br
>
>
>
>
>
> [Non-text portions of this message have been removed]
>
>