| Subject | RE: [firebird-support] Re: change user to DB |
|---|---|
| Author | Dunbar, Norman |
| Post date | 2010-04-27T13:01:53Z |
Afternoon,
everything in any database on that server.
This means that if you have two servers and a database on server_a is
copied to server_b, then anyone with SYSDBA rights can look at all the
data and code inside the database. Unlike Oracle, the SYSDBA password is
set for the entire server, not for each individual database on that
server.
So, to prevent people seeing your data (on server_b when the database is
copied from server_a) you must prevent people copying the database to
server_b.
There are details in the "gbak" manual on preventing this sort of "data
theft" - http://www.firebirdsql.org/manual/gbak-security.html.
What is even worse is the fact that if I get hold of a copy (or a
backup) of your database, I can put it on my server and read all your
data simply by logging in as SYSDBA with *my* sysdba password.
:-(
Cheers,
Norman.
Information in this message may be confidential and may be legally privileged. If you have received this message by mistake, please notify the sender immediately, delete it and do not copy it to anyone else. We have checked this email and its attachments for viruses. But you should still check any attachment before opening it. We may have to make this message and any reply to it public if asked to under the Freedom of Information Act, Data Protection Act or for litigation. Email messages and attachments sent to or from any Environment Agency address may also be accessed by someone other than the sender or recipient, for business purposes. If we have sent you information and you wish to use it please read our terms and conditions which you can get by calling us on 08708 506 506. Find out more about the Environment Agency at www.environment-agency.gov.uk
Information in this message may be confidential and may be legally privileged. If you have received this message by mistake, please notify the sender immediately, delete it and do not copy it to anyone else.
We have checked this email and its attachments for viruses. But you should still check any attachment before opening it.
We may have to make this message and any reply to it public if asked to under the Freedom of Information Act, Data Protection Act or for litigation. Email messages and attachments sent to or from any Environment Agency address may also be accessed by someone other than the sender or recipient, for business purposes.
If we have sent you information and you wish to use it please read our terms and conditions which you can get by calling us on 08708 506 506. Find out more about the Environment Agency at www.environment-agency.gov.uk
>> yes but on another server the SYSDBA have access to my dbYou cannot, at present, prevent the SYSDBA user getting access to
>> and i don't want that.
everything in any database on that server.
This means that if you have two servers and a database on server_a is
copied to server_b, then anyone with SYSDBA rights can look at all the
data and code inside the database. Unlike Oracle, the SYSDBA password is
set for the entire server, not for each individual database on that
server.
So, to prevent people seeing your data (on server_b when the database is
copied from server_a) you must prevent people copying the database to
server_b.
There are details in the "gbak" manual on preventing this sort of "data
theft" - http://www.firebirdsql.org/manual/gbak-security.html.
What is even worse is the fact that if I get hold of a copy (or a
backup) of your database, I can put it on my server and read all your
data simply by logging in as SYSDBA with *my* sysdba password.
:-(
Cheers,
Norman.
Information in this message may be confidential and may be legally privileged. If you have received this message by mistake, please notify the sender immediately, delete it and do not copy it to anyone else. We have checked this email and its attachments for viruses. But you should still check any attachment before opening it. We may have to make this message and any reply to it public if asked to under the Freedom of Information Act, Data Protection Act or for litigation. Email messages and attachments sent to or from any Environment Agency address may also be accessed by someone other than the sender or recipient, for business purposes. If we have sent you information and you wish to use it please read our terms and conditions which you can get by calling us on 08708 506 506. Find out more about the Environment Agency at www.environment-agency.gov.uk
Information in this message may be confidential and may be legally privileged. If you have received this message by mistake, please notify the sender immediately, delete it and do not copy it to anyone else.
We have checked this email and its attachments for viruses. But you should still check any attachment before opening it.
We may have to make this message and any reply to it public if asked to under the Freedom of Information Act, Data Protection Act or for litigation. Email messages and attachments sent to or from any Environment Agency address may also be accessed by someone other than the sender or recipient, for business purposes.
If we have sent you information and you wish to use it please read our terms and conditions which you can get by calling us on 08708 506 506. Find out more about the Environment Agency at www.environment-agency.gov.uk