#1
  1. Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2011
    Posts
    2
    Rep Power
    0

    What if I just copy the FDB file?


    I'm new to Firebird, so please forgive this question if it sounds stupid. And immediate apologies if this message is in the wrong topic.

    I've been all over Google and several Firebird forums and can't really find an answer.

    I've been working with a Firebird database for a little while now, and to help work in two places, say at home, I just took a copy of the fdb file, installed IB Expert and Firebird Server on my PC and away I went.

    My question is, what's to stop anyone just copying the fdb file? From what I can see, the server controls security, and if you hook up the fdb file to your own Firebird server with your own sysdba account then you have total freedom to the database, even if you change the sysdba password.

    Is anyone able to clarify or explain how Firebird security works? I'm working on a website and using Firebird for the database, and this is a concern for me.

    Thanks loads
  2. #2
  3. Contributing User
    Devshed Novice (500 - 999 posts)

    Join Date
    May 2007
    Posts
    765
    Rep Power
    929
    I've never worked with Firebird myself, but typically the password stored in the database is used by the daemon process to authenticate connections to the database. To protect the database files themselves, you:
    (A) Don't permit access to the server from the internet, only from the CGI server/application server/etc. that uses the database.
    (B) Create a separate user account just for the database and set file permissions so that only the database daemon has read/write privileges to the database files.
    (C) Don't put the database files where an FTP/HTTP/etc server has access to them.
    Or preferably, all the above.

    And it's never a bad idea to avoid storing sensitive information in a database that can be accessed over the internet.
    sub{*{$::{$_}}{CODE}==$_[0]&& print for(%:: )}->(\&Meh);
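
An added example, not part of the post above or of Firebird itself: a small audit of points (B) and (C), checking that each `.fdb` file is owned by the database daemon's account, grants nothing to group or others, and does not sit below a directory that an HTTP/FTP server exports. The function names, the numeric daemon uid and the list of served directories are assumptions supplied by the caller.

```python
import os
import stat
import sys

def audit_db_file(path, expected_uid, served_roots=()):
    """Return a list of findings for one database file (empty list = OK)."""
    findings = []
    real = os.path.realpath(path)  # resolve symlinks before checking
    st = os.stat(real)
    # (B) only the database daemon's account should own the file
    if st.st_uid != expected_uid:
        findings.append(f"owner uid {st.st_uid} is not the daemon uid {expected_uid}")
    # (B) no group/other bits: anyone who can read the file can copy it
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:04o} grants group/other access")
    # (C) the file must not live below a directory a file-serving daemon exports
    for root in served_roots:
        root_real = os.path.realpath(root)
        if os.path.commonpath([real, root_real]) == root_real:
            findings.append(f"file is inside served directory {root_real}")
    return findings

def audit_tree(top, expected_uid, served_roots=(), suffix=".fdb"):
    """Walk a directory tree; map each problematic database file to its findings."""
    report = {}
    for dirpath, _dirs, files in os.walk(top):
        for name in files:
            if name.lower().endswith(suffix):
                full = os.path.join(dirpath, name)
                problems = audit_db_file(full, expected_uid, served_roots)
                if problems:
                    report[full] = problems
    return report

if __name__ == "__main__":
    if len(sys.argv) < 3:
        sys.exit("usage: audit.py <data-dir> <daemon-uid> [served-dir ...]")
    top, uid, *roots = sys.argv[1:]
    for db_file, problems in audit_tree(top, int(uid), roots).items():
        print(db_file, *problems, sep="\n  - ")
```

This covers only on-disk exposure; point (A) is a network control and needs to be checked at the firewall or listener configuration.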
  4. #3
  5. Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2011
    Posts
    2
    Rep Power
    0
    Thanks for the info. I've done all that as a matter of course anyway, but my query was on top of that. I was just curious.

    I never store sensitive information in any of my on-line applications; I don't want to go to the expense of securing the server to satisfy all the relevant data standards.

    Passwords are generated manually offline and hashed on the server.

    I don't even store email addresses on-line.

    I keep an offline copy of the database with all that info in and sync regularly with the on-line copy and generate emails on a separate machine.
