Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Firebird Database Password

Tags:

database

firebird

I really want to know, how to secure a firebird database from being opened by any user but from the application it self. If I distribute a desktop application with a single file Firebird database (not embedded), how to protect the database from being copied to another machine running Firebird with known sysdba password?

I have searched the question related with this subject, and only find this: Finding a legacy firebird/Interbase database password

If the answer in that post was true, how to use desktop application with firebird database and forbid any user to open it using another machine? Or should I use other database like mySQL or PostgreSQL?

PS: I use Delphi 2006 to develop the GUI.

like image 491
WishKnew Avatar asked Feb 28 '23 21:02

WishKnew

2 Answers

You are missing the point when thinking about the password to the Firebird database - the server is open source, so there's no way to do what you want. The user can simply recompile the server with password checking commented out.

Basically there's only two things you could do:

  • Write your own modifications to the Firebird server, so that it writes a database file that is incompatible with all other servers. It doesn't matter then that people can transfer the database to another machine, as the standard server executables won't be able to access the data in the database.

  • Write only encrypted data to the file, so that it doesn't matter that access to the database is possible.

Both are of course not fool-proof either, as a determined cracker can simply use your own application to get at the data. Having permission to attach a debugger to the running process can be enough to halt execution of your application at any point in time and to examine the (decrypted) data in RAM. See also the SO question "How can I increase memory security in Delphi?", especially this answer, for more information on this topic.

BTW: this is something that can be done whatever database engine you choose, to answer the last part of your question.

like image 87
mghie Avatar answered Mar 12 '23 04:03

mghie

how to use desktop application with firebird database and forbid any user to open it using another machine

If you mean that user has both the enrypted data and the key, you are doing DRM. The definitive answer is: you can't. You can slow down the user by hiding the key with different methods, but you can't stop them.

like image 45
John Smith Avatar answered Mar 12 '23 04:03

John Smith
Sign in to Comment

Related questions

How does inverse symbolic calculator work? [closed]
Laravel: whereIn with variable
CouchDB - Does synchronization copy a database to all users?
Extracting labels from SPSS files in R
How to save user data in electron.js app?
Exact length column in SQL Server
What does database connection limit mean?
Understanding of Isolation in Cassandra Db
Does OneToMany(fetch=FetchType.EAGER) executes N+1 queries
how to get a sql query in a pivot format?
cannot update table Temp Table because it does not have a replica identity and publishes updates in Postgres
Adding constraint on Django Models based on values of another field
How to insert into another table after Registration on Laravel?
Performance comparison of using Redis hashes vs many keys
How is Mnesia disc_copies table stored in ram when application starts?
What are some techniques for stored database keys in URL
Best approach for sortable table with a lot of data
Optimizations for a Write heavy Oracle application?
How to create And / Or relations in a database?
What is the best method for getting a database connection/object into a function in PHP?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!