Subject RES: [firebird-support] Firebird security acessing database on other server as SYSDBA
Author Marcelo Trópia
Hi Iwan, thank you.

Regarding DB2 security (mainframe DB2 no z/OS), yes, there is this kind of
security. If someone copy the VSAM dataset (DB2 tablespace access method)
and try to register this tablespace on other DB2 instance, DB2 will not
accept it because dbid and obid identifiers are stored inside the dataset
and you need to know these identifiers to inform to DB2. Someone with a deep
knowing of DB2 (a hacker) could discover these identifiers, but it is not
easy.

Best regards,
Marcelo

-----Mensagem original-----
De: firebird-support@yahoogroups.com
[mailto:firebird-support@yahoogroups.com] Em nome de Iwan Cahyadi Sugeng
Enviada em: segunda-feira, 5 de março de 2012 15:35
Para: firebird-support@yahoogroups.com
Assunto: Re: [firebird-support] Firebird security acessing database on other
server as SYSDBA

I would like to say welcome aboard..

This issue has been discussed and will be implemented in firebird 3.0
version. See it in this link:
http://tracker.firebirdsql.org/browse/CORE-3368
That is one of the solution propose, but there are a lot other similar
suggestion an request from other user. It is plan to release the feature at
least on the 3.0 alpha 1. Just wait and see.

But one thing i want to know, since you are an experiance DB2 admin user, is
DB2 has such security?i mean, as far as i know, sql server database can
still be access by another sql server if we copied the database file to
another sql server which we know the admin password. And one of database
system that can't be opened even if we move to another computer is
Access:D.

Iwan

On Mon, Mar 5, 2012 at 6:32 PM, marcelo.tropia
<marcelo.tropia@...>wrote:

> **
>
>
> I am an experienced database administrator using DB2 on mainframe for
> 25 years and "discovered" Firebird just now and enjoyed it.
> I developed a software and was thinking of using Firebird to lower the
> customer expenses, since it is free of cost.
> Well, executing some security tests I found that one database copied
> from one server can be opened by another server using SYSDBA user. It
> is not acceptable (in my point of view), since customer data can be
> exposed to undesirable people and my database metadata could be
> acessed by unauthorized people.
>
> I've seen other posts saying that this kind of security must be
> implemented at OS level protecting the DB file to be copied. Some
> other posts say that encryption is the solution. I dont't agree with
> both solutions. If I deliver my software, the files are not in my
> control and it can be copied and opened on other FB server using
> SYSDBA user. Encryption is not a solution too, since a FB server can open
it and extract the data.
>
> I think the solution would be saving the SYSDBA password inside the
> database and encrypting it.
>
> What do you think?
>
>
>



--
Iwan Cahyadi Sugeng
Interaktif Cipta Lestari


[Non-text portions of this message have been removed]



------------------------------------

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Visit http://www.firebirdsql.org and click the Resources item
on the main (top) menu. Try Knowledgebase and FAQ links !

Also search the knowledgebases at http://www.ibphoenix.com

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Yahoo! Groups Links