Subject RE: [firebird-support] advice re securing a database
Author Alan McDonald
> We develop a software package (with a Firebird backend) for external
> clients, but we also use this software internally.
> I am being asked to secure our internal database so that the developers
> cannot have free rein to it. This is because management want to store
> sensitive data inside with confidence.
> The problem I have is that the SYSDBA connection credentials are held
> within our application codebase in order for the app to connect to the
> database etc.
> I've been trying to think through this problem and have come up with a
> couple of solutions:
> 1) Somehow restrict access to the database at a Windows file system
> level, so that even if the developers know the password they will have
> no read/write access to the database. But I am thinking that if port 3050
> is open they could just gain access via an SQL client such as IBExpert
> etc.? (This would be the best, least impact solution.)
> 2) Change the Firebird user which the application uses to connect from
> SYSDBA to a new custom user that somehow restricts viewing of data???
> (I don't even know if this is possible.)
> 3) Change the SYSDBA password and encrypt it with some salt so that the
> developers have no idea what the password is. (Not great, as this would
> mean changing a lot of code on our part etc.)
> I was wondering if anybody could offer some advice, thanks.

Martin, you need to read this first and then you will ask some quite
different questions:
Also read the manuals about SQL ROLEs.
You'll find a lot of documentation here:
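
Added example, not part of the original message or of the Firebird documentation: a sketch of option 2 from the question, using the SQL roles the reply points to. The table, view, role and user names are assumptions made up for illustration, and the two users are assumed to exist already in the server's security database.

```sql
-- Constructed schema: all object names here are hypothetical.
-- Run once as the database owner (not from the application).
CREATE TABLE employee (
    emp_id    INTEGER NOT NULL PRIMARY KEY,
    full_name VARCHAR(80) NOT NULL,
    salary    NUMERIC(12,2),
    bank_acct VARCHAR(34)
);

-- A view that exposes only the non-sensitive columns.
CREATE VIEW employee_directory (emp_id, full_name) AS
    SELECT emp_id, full_name FROM employee;

-- One role for ordinary application use, one for the sensitive data.
CREATE ROLE app_general;
CREATE ROLE hr_sensitive;

-- app_general can read the view but has no privilege on the base table.
GRANT SELECT ON employee_directory TO app_general;

-- hr_sensitive gets full access to the base table.
GRANT SELECT, INSERT, UPDATE, DELETE ON employee TO hr_sensitive;

-- Hand the roles to existing, non-SYSDBA users (hypothetical names).
GRANT app_general  TO app_user;
GRANT hr_sensitive TO hr_user;

-- A role only takes effect when it is named at connect time, e.g. in isql
-- (path and password are placeholders):
--   CONNECT 'server:/path/to/db.fdb'
--       USER 'APP_USER' PASSWORD '<placeholder>' ROLE 'APP_GENERAL';
--
-- With that connection:
--   SELECT * FROM employee_directory;  -- allowed
--   SELECT salary FROM employee;       -- fails: no permission on EMPLOYEE

-- Remove a privilege again if a role turns out to be too broad.
REVOKE DELETE ON employee FROM hr_sensitive;
```

These grants do not restrict SYSDBA or the database owner, so they only help once the application connects as an ordinary user and the SYSDBA password is no longer in the codebase.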