Subject | Re: [firebird-support] Firebird security acessing database on other server as SYSDBA |
---|---|
Author | Iwan Cahyadi Sugeng |
Post date | 2012-03-05T18:35:08Z |
I would like to say welcome aboard..
This issue has been discussed and will be implemented in firebird 3.0
version. See it in this link:
http://tracker.firebirdsql.org/browse/CORE-3368
That is one of the solution propose, but there are a lot other similar
suggestion an request from other user. It is plan to release the feature at
least on the 3.0 alpha 1. Just wait and see.
But one thing i want to know, since you are an experiance DB2 admin user,
is DB2 has such security?i mean, as far as i know, sql server database can
still be access by another sql server if we copied the database file to
another sql server which we know the admin password. And one of database
system that can't be opened even if we move to another computer is
Access:D.
Iwan
This issue has been discussed and will be implemented in firebird 3.0
version. See it in this link:
http://tracker.firebirdsql.org/browse/CORE-3368
That is one of the solution propose, but there are a lot other similar
suggestion an request from other user. It is plan to release the feature at
least on the 3.0 alpha 1. Just wait and see.
But one thing i want to know, since you are an experiance DB2 admin user,
is DB2 has such security?i mean, as far as i know, sql server database can
still be access by another sql server if we copied the database file to
another sql server which we know the admin password. And one of database
system that can't be opened even if we move to another computer is
Access:D.
Iwan
On Mon, Mar 5, 2012 at 6:32 PM, marcelo.tropia <marcelo.tropia@...>wrote:
> **
>
>
> I am an experienced database administrator using DB2 on mainframe for 25
> years and "discovered" Firebird just now and enjoyed it.
> I developed a software and was thinking of using Firebird to lower the
> customer expenses, since it is free of cost.
> Well, executing some security tests I found that one database copied from
> one server can be opened by another server using SYSDBA user. It is not
> acceptable (in my point of view), since customer data can be exposed to
> undesirable people and my database metadata could be acessed by
> unauthorized people.
>
> I've seen other posts saying that this kind of security must be
> implemented at OS level protecting the DB file to be copied. Some other
> posts say that encryption is the solution. I dont't agree with both
> solutions. If I deliver my software, the files are not in my control and it
> can be copied and opened on other FB server using SYSDBA user. Encryption
> is not a solution too, since a FB server can open it and extract the data.
>
> I think the solution would be saving the SYSDBA password inside the
> database and encrypting it.
>
> What do you think?
>
>
>
--
Iwan Cahyadi Sugeng
Interaktif Cipta Lestari
[Non-text portions of this message have been removed]