Subject Re: [firebird-support] How do I prevent non-SYSDBA user from seeing DB structure?
Author Anderson Farias
Hi,

>Since some of the clients connect through the Internet, I'd like to prevent hackers from extracting the
> SYSDBA password from my client programs and getting full access to the database.

First of all you should *never* use SYSDBA to connect from your App. Create some other "normal" user to be used by your app when connecting to the database.

To protect your username/password from 'hackers' (or at least to make it more difficult to extract), save it encrypted (inside your exe or in some other file distributed with it) and decrypt it in memory before logging in to the DB. Another way is to use an 'exe packer' (I like UPX) that will make it very hard to extract any strings from your EXE.

>What does the BLR format mean? From what you wrote I suppose this BLR format can be reverse-engineered so my
>protection mechanism would be useless...

It is "compiled" Firebird [SQL] code. AFAIK it's harder to read than plain text, but it's not that difficult (for someone familiar with it).


Good luck,
Anderson Farias
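
One way to set up the "normal" user recommended above, as an added example that is not part of the original message. It assumes Firebird 2.5 or later (where CREATE USER is available in SQL); APP_CLIENT, APP_ROLE, ORDERS, V_OPEN_ORDERS and SP_PLACE_ORDER are hypothetical names, and the password is a placeholder.

```sql
-- Run once as the database owner or SYSDBA from an admin session,
-- never from the distributed client program.
-- Assumption: Firebird 2.5+; every object name below is hypothetical.

-- 1. Dedicated login for the client application (placeholder password).
CREATE USER APP_CLIENT PASSWORD '<app-password>';

-- 2. A role holds the privileges so they can be reviewed and revoked in one place.
CREATE ROLE APP_ROLE;
COMMIT;

-- 3. Grant only what the client needs: read access to one view and
--    execute rights on one stored procedure. No direct rights on base tables.
GRANT SELECT ON V_OPEN_ORDERS TO ROLE APP_ROLE;
GRANT EXECUTE ON PROCEDURE SP_PLACE_ORDER TO ROLE APP_ROLE;

-- 4. The procedure itself, not the login, is granted access to the base table,
--    so the client can change ORDERS only through the procedure's logic.
GRANT SELECT, INSERT ON ORDERS TO PROCEDURE SP_PLACE_ORDER;

-- 5. Attach the role to the login. The client has to name APP_ROLE
--    in its connection parameters for the role's privileges to apply.
GRANT APP_ROLE TO USER APP_CLIENT;
COMMIT;

-- 6. Check: list what the login, the role and PUBLIC can actually do.
--    Anything unexpected here (for example rights granted to PUBLIC)
--    is available to a leaked client credential.
SELECT RDB$USER,
       RDB$PRIVILEGE,
       RDB$RELATION_NAME,
       RDB$GRANT_OPTION
FROM   RDB$USER_PRIVILEGES
WHERE  RDB$USER IN ('APP_CLIENT', 'APP_ROLE', 'PUBLIC')
ORDER  BY RDB$USER, RDB$RELATION_NAME;
```

With this layout, a credential recovered from the client program gives access only to the objects granted to APP_ROLE.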

