| Subject | Re: [firebird-support] Guys! I got it! - Re: Avoiding hard-coding db pass in app - without using db users |
|---|---|
| Author | Zd |
| Post date | 2008-11-10T17:05:58Z |
Dear Doug,
I have the following assumptions:
Anyone who has access to the database physically (the computer running the database) has access to all the data, since they can replace security.fdb any time with a new one.
What I'm assuming is that the hacker trying to attack the database has the client application's code, but doesn't have a valid username/password combination for the server.
Thus by hard coding the SYSDBA password in the database and using a secure tunnel, the only chance the hacker could have is by brute-forcing the database with username/password combinations. Since the passwords are stored in an MD5hash + salt form, brute-forcing if the users' passwords are strong enough is a no-go.
On the other hand, I also want to protect the database from users who have their own username / password - and also Firebird DBA skills.
I'll save the SYSDBA password in the database in an encrypted form. With the solution I outlined below, I suppose the only chance for an "insider" to get full access to the database remotely is by disassembling the code of my client application - which is not very likely to happen by an everyday user.
What do you think about the above scenarios? From these you might get a feel of what level of security I'm after. Is the solution I outlined good enough or do you see any holes in it?
Thank you!
I have the following assumptions:
Anyone who has access to the database physically (the computer running the database) has access to all the data, since they can replace security.fdb any time with a new one.
What I'm assuming is that the hacker trying to attack the database has the client application's code, but doesn't have a valid username/password combination for the server.
Thus by hard coding the SYSDBA password in the database and using a secure tunnel, the only chance the hacker could have is by brute-forcing the database with username/password combinations. Since the passwords are stored in an MD5hash + salt form, brute-forcing if the users' passwords are strong enough is a no-go.
On the other hand, I also want to protect the database from users who have their own username / password - and also Firebird DBA skills.
I'll save the SYSDBA password in the database in an encrypted form. With the solution I outlined below, I suppose the only chance for an "insider" to get full access to the database remotely is by disassembling the code of my client application - which is not very likely to happen by an everyday user.
What do you think about the above scenarios? From these you might get a feel of what level of security I'm after. Is the solution I outlined good enough or do you see any holes in it?
Thank you!
----- Original Message -----
From: Doug Chamberlin
To: firebird-support@yahoogroups.com
Sent: Monday, November 10, 2008 5:51 PM
Subject: Re: [firebird-support] Guys! I got it! - Re: Avoiding hard-coding db pass in app - without using db users
Zd wrote:
> So what do you think? I tried and it works, but any ideas whether this is a SECURE solution too?
I think one of the big problems here is a lack of definition of what
"secure" means in your situation. Could refine your description of who
you are protecting your database access from? That would help in judging
whether a candidate solution would work or not.
Various people have cautioned against using particular solutions because
they would be easily compromised by an experienced Firebird developer,
or by an experienced hacker, or by some other talented person. But if
you are not trying to protect against access by those people you can go
ahead and use those solutions knowing that they will likely protect you
from your target users.
The fact is you cannot protect against anyone who is in this discussion
because we all know the various weaknesses inherent in your scenario.
So, you are already targeting users who do not know what we know. What
other characteristics do they have? Do they know how to program? Do they
know how to install Firebird? Do they know how to use Google?
[Non-text portions of this message have been removed]