
IB601 Security problem

Hi,
using InterBase601 (Open Source) I'm not able to get a database really safe,
I'll make you better understand my problem with an example:
We have 2 computers named A and B (not connected to a network, both with IB
security patch installed).
Computer A:
1. Change SYSDBA password from "masterkey" to "misterx"
2. Creation of a database "TEST.GDB" (containing TABLES, VIEWS, etc....)

Computer B:
1. SYSDBA keeps default password "masterkey"
2. Copy TEST.GDB from Computer A
3. I CAN OPEN AND USE THIS DATABASE WITHOUT ANY RESTRICTION while I expected
a system deny.
As SYSDBA and "masterkey" are of public domain, how can I protect a
database in order to deny connection to unauthorized users?

Thanks
Davide Pasqualini (dav...@libero.it)

 

Re:IB601 Security problem


IB Security relies on the OS level security at the physical GDB level.  You
bypassed the OS security when you allowed access to copying it physically.  The
usernames and passwords are secured in a separate DB.  The users have no need to
have any kind of access to the directory other than knowing the actual path.
That path does not and should not be shared with the outside world.

Quote
Davide Pasqualini wrote:

> Hi,
> using InterBase601 (Open Source) I'm not able to get a database really safe,
> I'll make you better understand my problem with an example:
> We have 2 computers named A and B (not connected to a network, both with IB
> security patch installed).
> Computer A:
> 1. Change SYSDBA password from "masterkey" to "misterx"
> 2. Creation of a database "TEST.GDB" (containing TABLES, VIEWS, etc....)

> Computer B:
> 1. SYSDBA keeps default password "masterkey"
> 2. Copy TEST.GDB from Computer A
> 3. I CAN OPEN AND USE THIS DATABASE WITHOUT ANY RESTRICTION while I expected
> a system deny.
> As SYSDBA and "masterkey" are of public domain, how can I protect a
> database in order to deny connection to unauthorized users?

> Thanks
> Davide Pasqualini (dav...@libero.it)

--
Jeff Overcash (TeamB)
      (Please do not email me directly unless  asked. Thank You)
The fool escaped from paradise will look over his shoulder and cry
Sit and chew on daffodils and struggle to answer why?
As you grow up and leave the playground
Where you kissed your Prince and found your frog
Remember the jester that showed you tears, the script for tears. (Fish)

Re:IB601 Security problem


Quote
In article <3c10da60_2@dnews>, dav...@libero.it wrote...

Hi,

Quote
> As SYSDBA and "masterkey" are of public domain, how can I protect a
> database in order to deny connection to unauthorized users?

Make sure you have the file system security set up correctly.  Only the
IB server process needs rights to access the directory where the GDB
file is located.

J

Re:IB601 Security problem


Quote
"Davide Pasqualini" <dav...@libero.it> wrote in message

news:3c10da60_2@dnews...

Quote
> Hi,
[snip]
> As SYSDBA and "masterkey" are of public domain, how can I protect a
> database in order to deny connection to unauthorized users?

You can't really. Users and passwords are system specific, not database
specific. You can really only do 1 of 2 things:

1. Use an encryption scheme that reads and writes the data so that even if
they get access, it shows them "garbage".

2. Prevent access to the database or the directory it's in so it can't be
copied. This is the best method but can't really be done when using local
databases, only networks.

HTH
Woody

Re:IB601 Security problem


Hi,

I had the same issue and realised that the only way to get around it is either
encryption or generating some sort of checksum per row of data.

And this is the case w/ every database (for example you could steal a backup
of an SQL server and restore it on another system); you either trust the
operating system and the system admins or you go with your program
encryption.

Personally I'd prefer the checksum method as the client doesn't rely always
on my software, but this makes sure that no one can make modifications via
the op system.

kind regards,
Gabor Faludi

Quote
"Woody" <woody....@ih2000.net> wrote in message news:3c10e63f$1_1@dnews...
> "Davide Pasqualini" <dav...@libero.it> wrote in message
> news:3c10da60_2@dnews...
> > Hi,
> [snip]
> > As SYSDBA and "masterkey" are of public domain, how can I protect a
> > database in order to deny connection to unauthorized users?

> You can't really. Users and passwords are system specific, not database
> specific. You can really only do 1 of 2 things:

> 1. Use an encryption scheme that reads and writes the data so that even if
> they get access, it shows them "garbage".

> 2. Prevent access to the database or the directory it's in so it can't be
> copied. This is the best method but can't really be done when using local
> databases, only networks.

> HTH
> Woody
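
The per-row checksum idea from Gabor Faludi's post, as an added sketch that is not code from any poster in the thread. It uses a keyed HMAC-SHA256 rather than a plain checksum, because anyone who can edit a copied file could recompute an unkeyed one; the key, the table name and the rows are constructed for the demo, and the key is assumed to be stored outside the database file.

```python
import hashlib
import hmac

# Constructed demo key. Assumption: the real key is kept outside the GDB file,
# somewhere a person who copies the file cannot read it.
DEMO_KEY = b"constructed-demo-key-not-for-production"

def _encode(value) -> bytes:
    """Length-prefix each field so ('ab', 'c') and ('a', 'bc') never collide."""
    if value is None:
        return b"N"
    raw = str(value).encode("utf-8")
    return b"V" + len(raw).to_bytes(4, "big") + raw

def row_tag(key: bytes, table: str, pk, columns: dict) -> str:
    """HMAC-SHA256 over table name, primary key and the sorted column values."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    mac.update(_encode(table))
    mac.update(_encode(pk))  # binding the key stops a tag being reused on another row
    for name in sorted(columns):
        mac.update(_encode(name))
        mac.update(_encode(columns[name]))
    return mac.hexdigest()

def verify_rows(key: bytes, table: str, rows: list) -> list:
    """Return the primary keys of rows whose stored tag no longer matches."""
    bad = []
    for row in rows:
        expected = row_tag(key, table, row["pk"], row["columns"])
        if not hmac.compare_digest(expected, row["tag"]):
            bad.append(row["pk"])
    return bad

def demo() -> list:
    # Constructed rows standing in for a hypothetical ACCOUNTS table.
    rows = [
        {"pk": 1, "columns": {"OWNER": "alice", "BALANCE": "100.00"}},
        {"pk": 2, "columns": {"OWNER": "bob", "BALANCE": "250.00"}},
    ]
    for row in rows:
        row["tag"] = row_tag(DEMO_KEY, "ACCOUNTS", row["pk"], row["columns"])
    # A value edited on a copied file, outside the application.
    rows[1]["columns"]["BALANCE"] = "999999.00"
    # A row inserted outside the application, reusing a valid tag from row 1.
    rows.append({"pk": 3, "columns": dict(rows[0]["columns"]), "tag": rows[0]["tag"]})
    return verify_rows(DEMO_KEY, "ACCOUNTS", rows)

if __name__ == "__main__":
    print("rows failing verification:", demo())
```

Row tags flag changed or inserted rows but not deleted ones, and they do nothing for confidentiality, which is what the encryption option in the thread addresses.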
