Re: [firebird-support] How to protect database Firebird in client side
dear rudyhuan...@ymail.com I think this link will help you: http://www.destructor.de/firebird/gsec.htm On Wed, Jan 8, 2014 at 2:21 PM, liviusliv...@poczta.onet.pl < liviusliv...@poczta.onet.pl> wrote: > > > Hi, > > Your design is wrong from security POV > If you need to protect db from copy - put it on server where only admin > have access. Then "noone" can copy your db. > If you put it on client computer you accept that risk at start > > > Regards, > Karol Bieniaszewski > > > - Reply message - > Od: "Virna Constantin" > Do: "firebird-support@yahoogroups.com" > Temat: [firebird-support] How to protect database Firebird in client side > Data: śr., sty 8, 2014 07:43 > > > > > http://www.firebirdfaq.org/faq344/ can not be a solution? > > > On Monday, January 6, 2014 7:31 PM, "rudyhuan...@ymail.com" < > rudyhuan...@ymail.com> wrote: > > > Hello Team Support, > > I installed on a client machine, the ERP.FDB file and the application. > Now, I came to know that, one guy in the client place, stole > the ERP.FDB and tried several passwords and did not get it, so, he > installed a FIREBIRD on his computer and copied the ERP.FDB and opened it > with FIREBIRD default password, and stole the entire db design. > > How to protect from this kind of things ? > How to make sure, that the database cannot be copied? > > > Regards & Thanks, > > > > Rudy Huang > > > > > >
Re: [firebird-support] How to protect database Firebird in client side
http://www.firebirdfaq.org/faq344/ can not be a solution? On Monday, January 6, 2014 7:31 PM, "rudyhuan...@ymail.com" wrote: Hello Team Support, I installed on a client machine, the ERP.FDB file and the application. Now, I came to know that, one guy in the client place, stole the ERP.FDB and tried several passwords and did not get it, so, he installed a FIREBIRD on his computer and copied the ERP.FDB and opened it with FIREBIRD default password, and stole the entire db design. How to protect from this kind of things ? How to make sure, that the database cannot be copied? Regards & Thanks, Rudy Huang
Re: [firebird-support] How to protect database Firebird in client side
> Hello Team Support, > > > I installed on a client machine, the ERP.FDB file and the application. > Now, I came to know that, one guy in the client place, stole > the ERP.FDB and tried several passwords and did not get it, so, he > installed a FIREBIRD on his computer and copied the ERP.FDB and opened > it with FIREBIRD default password, and stole the entire db design. > > How to protect from this kind of things ? > How to make sure, that the database cannot be copied? Additional to the other comments. Firebird 3 will have support for optionally login credentials being embedded in the regular database and IIRC optional data and/or over-the-wire encryption. But V3 is in Alpha stage and not recommended for production usage. Although being far away from bullet-proof, but you could at least lock out SYSDBA from logging in by creating an equally named role, but then SYSDBA must not be an owner of the database and any database object (table, view etc.). Not bullet-proof, because knowledgeable people could open the database in a HEX editor and change the role name. But I found that as a first countermeasure quite ok in the past, especially when customers have initially no idea about Firebird, but then rather quickly found out the SYSDBA/masterkey combination via Google. -- With regards, Thomas Steinmaurer http://www.upscene.com/ Professional Tools and Services for Firebird FB TraceManager, IB LogManager, Database Health Check, Tuning etc.
Re: [firebird-support] How to protect database Firebird in client side
On 06 Jan 2014 02:12:50 -0800, wrote: > I installed on a client machine, the ERP.FDB file and the application. > Now, I came to know that, one guy in the client place, stole the ERP.FDB > and tried several passwords and did not get it, so, he installed a > FIREBIRD on his computer and copied the ERP.FDB and opened it with > FIREBIRD default password, and stole the entire db design. > > How to protect from this kind of things ? > How to make sure, that the database cannot be copied? As soon as someone has physical access to the database file, there is nothing you can do to prevent this. The only 'protection' you have is the legal protection of copyright and intellectual property rights, and the contract with your client. Mark
Re: [firebird-support] How to protect database Firebird in client side
On 2014-01-06 05:12, rudyhuan...@ymail.com wrote: > I installed on a client machine, the ERP.FDB file and the application. > > Now, I came to know that, one guy in the client place, stole the ERP.FDB and > tried several passwords and did not get it, so, he installed a FIREBIRD on > his computer and copied the ERP.FDB and opened it with FIREBIRD default > password, and stole the entire db design. > > How to protect from this kind of things ? > How to make sure, that the database cannot be copied? I believe there is no way to protect against this type of problem. Once someone has physical possession of a database (any database of any kind) there is not much you can do to prevent them from accessing the data within it. You can make it harder for them by adding layers of additional obscurity designed to make it difficult to figure out how to get to the data but in the end you cannot prevent them from getting there. -- Cheers! Rich Saunders [Non-text portions of this message have been removed]
