> All other database engines that I have worked with provide password > protection, even SQLite, which is used primarily for desktop and device > applications.
I'm not familiar which the technique SQLite uses. But either they are using the password to encrypt database or it is an fake protection and anyone can use an modified SQLite to access that database which is simply ignoring password. > I agree that the best way to protect any such database file is either through > internalized encryption, which I believe is now offered with Firebird 3.xx or > complete file encryption. However, would it not be easy enough for the > Firebird Development Group to simply implement the security constructs for > the embedded edition as it is for its server-side siblings given that all > such editions are primarily the same? Even the "server side security" is meaningless once the illegitimate user does have direct access to database file. Your idea sounds like the "security by obscurity" approach used in some closed-source systems as e.g. MS-Access - ask google how to remove that password protection. That approach is worth nothing in an open source context. Elmar
