| Subject | Re: [firebird-support] Re: Confussion over passwords: Tells me my user name and password are not define |
|---|---|
| Author | Paul Vinkenoog |
| Post date | 2009-09-11T11:47:09Z |
Hi blizzard,
makes it *even easier* for the user to access all the data.
But you must understand this: no matter which server you use or what
kind of application you write, if you distribute a database to your
users they can *always* access all the data. After all, what keeps
them from uninstalling and reinstalling Firebird with their own-chosen
SYSDBA password? Or copy the db to another machine where they are
SYSDBA?
The only way you can prevent the user form accessing sensitive data is
to encrypt it before storing it in the database (and hope they won't
be able to hack your app and retrieve the key).
Greetings,
Paul Vinkenoog
> As explained I have a central remote database with my user SYSDBANo, because Embedded doesn't use the security database at all; it
> and password p@ssword.
> Then I have my local client database.
> My software connects to both databases.
> If I could use embedded firebird for the local database, and deploy
> a security2.fdb file, would that then mean they could not access the
> local DB without the correct password?
makes it *even easier* for the user to access all the data.
But you must understand this: no matter which server you use or what
kind of application you write, if you distribute a database to your
users they can *always* access all the data. After all, what keeps
them from uninstalling and reinstalling Firebird with their own-chosen
SYSDBA password? Or copy the db to another machine where they are
SYSDBA?
The only way you can prevent the user form accessing sensitive data is
to encrypt it before storing it in the database (and hope they won't
be able to hack your app and retrieve the key).
Greetings,
Paul Vinkenoog