On 24/08/2015 10:24, James Starkey wrote:
>
>
> On Monday, August 24, 2015, Adriano dos Santos Fernandes
> <adrian...@gmail.com> wrote:
>
>     On 24/08/2015 09:16, James Starkey wrote:
>     >
>     > No problem other than this requires that database account credentials
>     > be on the client disk and therefore theoretically available to an
>     > attacker.
>     >
>     > There is no way to make any of this easy.
>
>     I think it's clear that when you mix:
>     - A possible attacker has physical access to the server
>     - An open source product
>     - An "autonomous server", that gets keys from a file or from the network
>
>     You cannot have security. With only two of these three items you still
>     cannot.
>
>
> Go back and re-read the scheme I outlined.  The idea is that the
> server isn't autonomous but requires a key provided from an external
> network connection to be fully functional -- but then it doesn't need
> to be fully functional until a network connection shows up.
>
>
>     I think people should understand that they cannot put their own software
>     with the database at a customer and prevent him from stealing database
>     data and objects in this situation.
>
>     This security is fake. It can only be beneficial for some
>     people/organizations to do "consulting services" to break Firebird
>     security and earn lots of money with easy work.
>
>
> Before you declare it fake, show the flaw.
>
>

You're here mainly to build ideas for your products, not for Firebird,
so it's not about open source.

Open source software that an attacker has physical access to can be
replaced with a compromised one that gets the keys.

One could have a secure "decrypt server", which will be there just to
not have a single proper server setup.


Adriano


------------------------------------------------------------------------------
Firebird-Devel mailing list, web interface at 
https://lists.sourceforge.net/lists/listinfo/firebird-devel
