Security and Cryptography
#1 August 29th, 2011, 03:36 PM
djack109
What if I just copy the FDB file ?

I'm new to Firebird, so please forgive this question if it sounds stupid. And immediate apologies if this message is in the wrong topic.

I've been all over Google and several firebird forums and can't really find an answer.

I've been working with a Firebird database for a little while now, and to help work in two places, say at home, I just took a copy of the fdb file, installed IB Expert and Firebird Server on my PC, and away I went.

My question is, what's to stop anyone just copying the fdb file? From what I can see the server controls security, and if you hook up the fdb file to your own Firebird server with your own sysdba account then you have total freedom to the database, even if you change the sysdba password.

Is anyone able to clarify or explain how Firebird security works? I'm working on a website and using Firebird for the database and this is a concern for me.

Thanks loads

#2 August 30th, 2011, 04:18 PM
OmegaZero
I've never worked with Firebird myself, but typically the password stored in the database is used by the daemon process to authenticate connections to the database. To protect the database files themselves you:
(A) Don't permit access to the server from the internet, only from the CGI server/application server/etc. that uses the database.
(B) Create a separate user account just for the database and set file permissions so that only the database daemon has read/write privileges to the database files.
(C) Don't put the database files where an FTP/HTTP/etc server has access to them.
Or preferably, all the above.

And it's never a bad idea to avoid storing sensitive information in a database that can be accessed over the internet.
__________________
sub{*{$::{$_}}{CODE}==$_[0]&& print for(%:: )}->(\&Meh);
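
Added example (not part of the original thread or of Firebird itself): a small POSIX audit of points (B) and (C) above, checking that a database file is owned by the daemon account, has no group/other access, and does not sit under a directory that an HTTP/FTP server exposes. The function name, the `daemon_uid` parameter and the `served_roots` list are assumptions made for this illustration.

```python
import os
import stat
import tempfile
from pathlib import Path


def audit_db_file(db_path, daemon_uid, served_roots=()):
    """Return a list of findings for a database file; an empty list means OK."""
    findings = []
    path = Path(db_path).resolve()
    st = path.stat()

    # (B) only the database daemon account should own the file
    if st.st_uid != daemon_uid:
        findings.append(f"owner uid {st.st_uid} is not the daemon uid {daemon_uid}")

    # (B) no group/other access: any account that can read the file can copy it
    extra = stat.S_IMODE(st.st_mode) & (stat.S_IRWXG | stat.S_IRWXO)
    if extra:
        findings.append(f"group/other permission bits set: {oct(extra)}")

    # a writable parent directory lets another account rename or replace the file
    parent_mode = stat.S_IMODE(path.parent.stat().st_mode)
    if parent_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(f"parent directory {path.parent} is group/world writable")

    # (C) the file must not live under a directory an HTTP/FTP server exposes
    for root in served_roots:
        root = Path(root).resolve()
        if root in path.parents:
            findings.append(f"file is inside served directory {root}")
    return findings


if __name__ == "__main__":
    # Constructed demo: a world-readable file inside a pretend web root.
    with tempfile.TemporaryDirectory() as webroot:
        db = Path(webroot) / "site.fdb"
        db.write_bytes(b"constructed sample, not a real database")
        os.chmod(db, 0o644)
        for finding in audit_db_file(db, os.getuid(), [webroot]):
            print("FINDING:", finding)
```
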
#3 September 2nd, 2011, 09:05 AM
djack109
Thanks for the info. I've done all that as a matter of course anyway, but my query was on top of that. I was just curious.

I never store sensitive information in any of my on-line applications; I don't want to go to the expense of securing the server to satisfy all the relevant data standards.

Passwords are generated manually off-line and hashed on the server.

I don't even store email addresses on-line.

I keep an offline copy of the database with all that info in and sync regularly with the on-line copy and generate emails on a separate machine.
