| Subject | Re: [firebird-support] Guys! I got it! - Re: Avoiding hard-coding db pass in app - without using db users |
|---|---|
| Author | Doug Chamberlin |
| Post date | 2008-11-10T16:51:26Z |
Zd wrote:
"secure" means in your situation. Could refine your description of who
you are protecting your database access from? That would help in judging
whether a candidate solution would work or not.
Various people have cautioned against using particular solutions because
they would be easily compromised by an experienced Firebird developer,
or by an experienced hacker, or by some other talented person. But if
you are not trying to protect against access by those people you can go
ahead and use those solutions knowing that they will likely protect you
from your target users.
The fact is you cannot protect against anyone who is in this discussion
because we all know the various weaknesses inherent in your scenario.
So, you are already targeting users who do not know what we know. What
other characteristics do they have? Do they know how to program? Do they
know how to install Firebird? Do they know how to use Google?
> So what do you think? I tried and it works, but any ideas whether this is a SECURE solution too?I think one of the big problems here is a lack of definition of what
"secure" means in your situation. Could refine your description of who
you are protecting your database access from? That would help in judging
whether a candidate solution would work or not.
Various people have cautioned against using particular solutions because
they would be easily compromised by an experienced Firebird developer,
or by an experienced hacker, or by some other talented person. But if
you are not trying to protect against access by those people you can go
ahead and use those solutions knowing that they will likely protect you
from your target users.
The fact is you cannot protect against anyone who is in this discussion
because we all know the various weaknesses inherent in your scenario.
So, you are already targeting users who do not know what we know. What
other characteristics do they have? Do they know how to program? Do they
know how to install Firebird? Do they know how to use Google?