Subject Re: [firebird-support] Need security advice from the pros
Author Steve Wiser
Since you state you have to work with sysdba in production as the db
user what about trying something like this:

1) Have client talk to the server over an encrypted tunnel only
2) Create a user that can only run a login stored procedure that takes
the application user and password and returns the correct sysdba password

Your app will login using the hard coded user that can only run the
login routine and the user will have to put in their correct user ID and
password. If it is good then the login procedure returns the sysdba
password to your app and you can then reconnect using the sysdba user.

-steve

Zd wrote:
>
> Dear Group,
>
> Please help me with the following security considerations:
>
> My program connects to an FB2.1 DB running on XP. Many different users
> are going to use my client program to connect to the database.
>
> Unfortunately, my program doesn't use "users" in the FB DB, instead it
> uses the SYSDBA password to connect to the database. Each user has a
> login/pass pair stored in the database in a table that is used for
> authentication inside my program.
>
> Here are my problems:
> 1, I can't redesign the program since it has a sophisticated built-in
> rights management mechanism, so I have to stay with the solution
> outlined above.
> 2, Clients will be connecting through LAN and through the Internet -
> so the database will be exposed on the Internet.
> 3, The program will be running at different companies.
>
> I came up with the following ideas:
> 1, Storing the SYSDBA pass encoded in the app's code. -> The problem:
> a good hacker could reverse engineer the code and get access to any of
> companies' databases running my program!
> 2, Storing the SYSDBA pass in a separate file, using a different
> passfile for each company -> The problem: a good hacker could get and
> reverse engineer the code from the file and hack the company's database
> 3, Creating a separate DB user for each user of my program's users
> with SYSDBA rights. Username / password would match their logins from
> the program. -> The problem: the users could use a simple DB manager
> to connect to the database and have access to all the data.
> 4, The SYSDBA password is changed every night automatically. Before
> the client authenticates, it gets the actual password using an SSL
> connection (by giving their username / password). The encoded password
> is sent over the network. -> The problem: a good hacker could get the
> password sent over the Internet. One day should be more than enough to
> get the contents of the entire database!
>
> Any other options that I have available? From the above, option 4
> seems to be the most secure for more, but any ideas are welcome!
>
> Thank you:
> Zd
>
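A sketch of the restricted-login arrangement described in the reply, as an added example that is not part of the original thread. The table, column, procedure and account names (APP_USERS, APP_SECRET, APP_LOGIN, APPLOGIN, the sample login) are assumptions, and the plain-text comparison stands in for whatever credential check the application already performs.

```sql
-- Added sketch; run as SYSDBA in isql against the Firebird 2.1 database.
-- All object names are hypothetical, not taken from the thread.
-- The low-privilege account APPLOGIN is assumed to exist already
-- (Firebird 2.1 manages accounts outside SQL, e.g. with gsec).

-- Application users, as in the original question (login/pass in a table).
CREATE TABLE APP_USERS (
  LOGIN VARCHAR(31) NOT NULL,
  PASS  VARCHAR(64) NOT NULL,
  CONSTRAINT PK_APP_USERS PRIMARY KEY (LOGIN)
);

-- Single-row table holding the password the app reconnects with.
-- It is kept in a table, not in the procedure body, because procedure
-- source is stored in RDB$PROCEDURES, which ordinary users can read.
CREATE TABLE APP_SECRET (
  ID          INTEGER NOT NULL,
  DB_PASSWORD VARCHAR(32) NOT NULL,
  CONSTRAINT PK_APP_SECRET PRIMARY KEY (ID),
  CONSTRAINT ONE_ROW CHECK (ID = 1)
);

SET TERM ^ ;
CREATE PROCEDURE APP_LOGIN (P_LOGIN VARCHAR(31), P_PASS VARCHAR(64))
RETURNS (R_DB_PASSWORD VARCHAR(32))
AS
BEGIN
  R_DB_PASSWORD = NULL;  -- left NULL when the credentials do not match
  IF (EXISTS (SELECT 1 FROM APP_USERS U
              WHERE U.LOGIN = :P_LOGIN AND U.PASS = :P_PASS)) THEN
    SELECT S.DB_PASSWORD FROM APP_SECRET S WHERE S.ID = 1
      INTO :R_DB_PASSWORD;
END^
SET TERM ; ^

-- Table rights go to the procedure, not to the login account, so
-- APPLOGIN can call APP_LOGIN but cannot SELECT from either table.
GRANT SELECT ON APP_USERS  TO PROCEDURE APP_LOGIN;
GRANT SELECT ON APP_SECRET TO PROCEDURE APP_LOGIN;
GRANT EXECUTE ON PROCEDURE APP_LOGIN TO APPLOGIN;

-- Verify from a session connected as APPLOGIN:
--   EXECUTE PROCEDURE APP_LOGIN('alice', 'constructed-sample-pass');
--   SELECT * FROM APP_SECRET;   -- must be refused for this account
```

Anyone who holds valid application credentials still ends up with the SYSDBA password on the client, so this narrows who can obtain it rather than hiding it from authenticated users.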