----- Original Message -----
From: "Alexandre Benson Smith" <iblist@...>
> The problem with encryption is that you have to store the key on some
> place (inside the aplication ?) not a so secure approach either.
>
> Another point is.. you will have problems to do inequality search with
> encrypted data.
>
> There is no easy way to protect the data when one has physical access to
> the database file.
I understand that now, but what is the "proper" way to grant an application
access to the database? At the moment I have the default sysdba password
hardcoded in my app, but if the user changes their sysdba password, which
most people with Firebird really should for security, then they cannot
access my application.
Is the "proper" way to grant an application access to the database to use
the sysdba user, or is it to create a new user in the Firebird security
database (and if so can you do that the first time the application is run
when a person installs the application)?
Where is the best place to put the user's password (hardcoded, registry, ini
file - not very secure is it) or somewhere else?