| Subject | AW: [firebird-support] Firebird - no security??? Seems unbelievable.... |
|---|---|
| Author | Steffen Heil |
| Post date | 2009-11-05T21:00:11Z |
And you really expect such a Access database to be "safe" ?
If install any [usual] database to my computer (mysql, mssql, firebird,
access, more...) and if I can run an application using it, I will be able to
tell you the username and password for that database.
You cannot prevent that, unless you can restrict access to the machine the
database is running on - be it on another computer or the same, if the OS is
locked and safe. [Safe here is hard to do, you propably also need hard drive
encryption and TPM or such and a secure OS - hard to find these days...]
Regards,
Steffen
-----Ursprüngliche Nachricht-----
Von: firebird-support@yahoogroups.com
[mailto:firebird-support@yahoogroups.com] Im Auftrag von neighbour.kerry
Gesendet: Donnerstag, 5. November 2009 13:59
An: firebird-support@yahoogroups.com
Betreff: [firebird-support] Firebird - no security??? Seems unbelievable....
I have been using Firebird 2.1 for some time now (developing in Delphi 7).
It is now time to start putting the system with customer's. So I want to add
access control and passwords, etc.
It seems that this is not possible, and I am puzzled. Even MSAccess can do
this.
I know how to change the SYSDBA password (using GSEC, etc). I can and have
done this ok.
There are two problems with this - at least.
1. This password is for ALL databases. So the password is for the server,
not the databases.
2. all someone has to do is copy a passworded database to another server -
with a password that they know - and they are in! Seems rather pointless
using passwords at all.
From reading this forum, I see that the only real way to put any sort of
access control is to use Roles. But if you login as SYSDBA, what is the
point? Surely Roles are not relevant then?
If I have this all wrong, then please feel free to clear me up!
------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Visit http://www.firebirdsql.org and click the Resources item
on the main (top) menu. Try Knowledgebase and FAQ links !
Also search the knowledgebases at http://www.ibphoenix.com
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Yahoo! Groups Links
[Non-text portions of this message have been removed]
If install any [usual] database to my computer (mysql, mssql, firebird,
access, more...) and if I can run an application using it, I will be able to
tell you the username and password for that database.
You cannot prevent that, unless you can restrict access to the machine the
database is running on - be it on another computer or the same, if the OS is
locked and safe. [Safe here is hard to do, you propably also need hard drive
encryption and TPM or such and a secure OS - hard to find these days...]
Regards,
Steffen
-----Ursprüngliche Nachricht-----
Von: firebird-support@yahoogroups.com
[mailto:firebird-support@yahoogroups.com] Im Auftrag von neighbour.kerry
Gesendet: Donnerstag, 5. November 2009 13:59
An: firebird-support@yahoogroups.com
Betreff: [firebird-support] Firebird - no security??? Seems unbelievable....
I have been using Firebird 2.1 for some time now (developing in Delphi 7).
It is now time to start putting the system with customer's. So I want to add
access control and passwords, etc.
It seems that this is not possible, and I am puzzled. Even MSAccess can do
this.
I know how to change the SYSDBA password (using GSEC, etc). I can and have
done this ok.
There are two problems with this - at least.
1. This password is for ALL databases. So the password is for the server,
not the databases.
2. all someone has to do is copy a passworded database to another server -
with a password that they know - and they are in! Seems rather pointless
using passwords at all.
From reading this forum, I see that the only real way to put any sort of
access control is to use Roles. But if you login as SYSDBA, what is the
point? Surely Roles are not relevant then?
If I have this all wrong, then please feel free to clear me up!
------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Visit http://www.firebirdsql.org and click the Resources item
on the main (top) menu. Try Knowledgebase and FAQ links !
Also search the knowledgebases at http://www.ibphoenix.com
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Yahoo! Groups Links
[Non-text portions of this message have been removed]