Re: [firebird-support] How can I prevent that my database can be opened with another security.fdb.

2016-04-11 Thread 'Carlos H. Cantu' lis...@warmboot.com.br [firebird-support]

Re: [firebird-support] How can I prevent that my database can be opened with another security.fdb.

2016-04-11 Thread 'Thomas Steinmaurer' t...@iblogmanager.com [firebird-support] 
> Dear all,
> If blocking SYSDBA from connecting the database is the goal, than ones can
> create a role with the name SYSDBA.Is there any minus about this?

AFAIR, this needs to be done with a direct system table insertion in RDB$ROLES 
with 2.5 and earlier. I don't know if this has changed in Firebird 3, but for 
sure, Firebird 3 will reject direct system table modifications at all.


--
With regards,
Thomas Steinmaurer
http://www.upscene.com

Professional Tools and Services for Firebird
FB TraceManager, IB LogManager, Database Health Check, Tuning etc.

Re: [firebird-support] How can I prevent that my database can be opened with another security.fdb.

2016-04-11 Thread Tjioe Hian Pin thp_p...@yahoo.com [firebird-support] 
Dear all,
If blocking SYSDBA from connecting the database is the goal, than ones can 
create a role with the name SYSDBA.Is there any minus about this?
Regards,Tjioe

Re: [firebird-support] How can I prevent that my database can be opened with another security.fdb.

2016-04-11 Thread 'Thomas Steinmaurer' t...@iblogmanager.com [firebird-support] 
Hi,

> Dear all,
> Though I don't have the same question as Roland, information below by Virna
> Constantin (costel...@yahoo.com) is very useful.Thanks every one.
> Regards,Tjioe
> 
> Suggestion
> event studies "on connect"
> 1. an application with minimum rights connects to the database
> 1 '. in table "mon$attachmnts" field "MON$REMOTE_PROCESS" will record the
> application name
> 2.  in the trigger event "on connect" if the user connects SysAdmin, verifies
> the application name in "MON$REMOTE_PROCESS"

Just FYI: In practice it is possible to suppress database triggers (DPB: 
isc_dpb_no_db_triggers) when connecting as the database owner or as SYSDBA. 
E.g. isql has a special command-line option "-nodbtriggers" to bypass database 
triggers at connect time to e.g. modify/drop the trigger afterwards.

--
With regards,
Thomas Steinmaurer
http://www.upscene.com

Professional Tools and Services for Firebird
FB TraceManager, IB LogManager, Database Health Check, Tuning etc.

Re: [firebird-support] How can I prevent that my database can be opened with another security.fdb.

2016-04-10 Thread thp_pkmi thp_p...@yahoo.com [firebird-support] 
Dear all,
Though I don't have the same question as Roland, information below by Virna 
Constantin (costel...@yahoo.com) is very useful.Thanks every one.
Regards,Tjioe

Suggestion
event studies "on connect"
1. an application with minimum rights connects to the database
1 '. in table "mon$attachmnts" field "MON$REMOTE_PROCESS" will record the 
application name
2.  in the trigger event "on connect" if the user connects SysAdmin, verifies 
the application name in "MON$REMOTE_PROCESS"

sorry for my English

Re: [firebird-support] How can I prevent that my database can be opened with another security.fdb.

2016-04-08 Thread Dimitry Sibiryakov s...@ibphoenix.com [firebird-support] 
08.04.2016 11:32, Elmar Haneke el...@haneke.de [firebird-support] wrote:
> You can use database encryption for that purpose

   No. Encryption can protect "cold" database on HDD in garbage collector, for 
example, 
but not an active one.

-- 
   WBR, SD.






++

Visit http://www.firebirdsql.org and click the Documentation item
on the main (top) menu.  Try FAQ and other links from the left-side menu there.

Also search the knowledgebases at http://www.ibphoenix.com/resources/documents/ 

++


Yahoo Groups Links

<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/firebird-support/

<*> Your email settings:
Individual Email | Traditional

<*> To change settings online go to:
http://groups.yahoo.com/group/firebird-support/join
(Yahoo! ID required)

<*> To change settings via email:
firebird-support-dig...@yahoogroups.com 
firebird-support-fullfeatu...@yahoogroups.com

<*> To unsubscribe from this group, send an email to:
firebird-support-unsubscr...@yahoogroups.com

<*> Your use of Yahoo Groups is subject to:
https://info.yahoo.com/legal/us/yahoo/utos/terms/

Re: [firebird-support] How can I prevent that my database can be opened with another security.fdb.

2016-04-08 Thread Elmar Haneke el...@haneke.de [firebird-support] 

> How can I prevent that my database can be opened with another
> security.fdb.

You can use database encryption for that purpose - without knowing the
encryption key there is no way to access database.

In FB3 there is a new plugin mechanism for encryption added you should
have a look ath that.

Elmar

Re: [firebird-support] How can I prevent that my database can be opened with another security.fdb.

2016-04-08 Thread Dimitry Sibiryakov s...@ibphoenix.com [firebird-support] 
08.04.2016 10:12, 'Mueller, Roland (GE87)' roland.muel...@honeywell.com 
[firebird-support] 
wrote:
> Is there any way to prevent this and only use our authentication ?

   No.

-- 
   WBR, SD.






++

Visit http://www.firebirdsql.org and click the Documentation item
on the main (top) menu.  Try FAQ and other links from the left-side menu there.

Also search the knowledgebases at http://www.ibphoenix.com/resources/documents/ 

++


Yahoo Groups Links

<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/firebird-support/

<*> Your email settings:
Individual Email | Traditional

<*> To change settings online go to:
http://groups.yahoo.com/group/firebird-support/join
(Yahoo! ID required)

<*> To change settings via email:
firebird-support-dig...@yahoogroups.com 
firebird-support-fullfeatu...@yahoogroups.com

<*> To unsubscribe from this group, send an email to:
firebird-support-unsubscr...@yahoogroups.com

<*> Your use of Yahoo Groups is subject to:
https://info.yahoo.com/legal/us/yahoo/utos/terms/

Re: [firebird-support] How can I prevent that my database can be opened with another security.fdb.

2016-04-08 Thread 'Mueller, Roland (GE87)' roland.muel...@honeywell.com [firebird-support] 
Thanks for your suggestions.

I am actually searching for another way. This database is part of an 
application that is deployed at our customers.
In the new firebird release it is possible to choose security authentication 
via external .fbd file or programmed into the database itself.

We want to use the authentication in our own database and prevent any use of 
.fdb files for access. Now if a customer has our database, he simply can set 
security3.fdb and gain access to the DB.
Is there any way to prevent this and only use our authentication ?

regards Roland

Re: [firebird-support] How can I prevent that my database can be opened with another security.fdb.

2016-04-08 Thread Virna Constantin costel...@yahoo.com [firebird-support] 
Suggestion
event studies "on connect"
1. an application with minimum rights connects to the database
1 '. in table "mon$attachmnts" field "MON$REMOTE_PROCESS" will record the 
application name
2.  in the trigger event "on connect" if the user connects SysAdmin, verifies 
the application name in "MON$REMOTE_PROCESS"

sorry for my English

Re: [firebird-support] How can I prevent that my database can be opened with another security.fdb.

2016-04-08 Thread Norman Dunbar nor...@dunbar-it.co.uk [firebird-support] 
I would suggest that the best way to prevent anyone getting hold of your 
database and opening it with a separate security database is to have good 
security & physical protection on your server, limited access to the server 
room (if appropriate) and so on. Normal security precautions in other words.

Keep all your backups safe and secure as well. These can be used against you 
also. You might want to consider encrypting them with something like GPG before 
sending them off-site - if that's what you would do in a production environment 
- or even storing them on-site where they might be accessible by "too many" 
people.

Just a few thoughts.


HTH

Cheers,
Norm.

On 7 April 2016 16:02:10 BST, "'Mueller, Roland (GE87)' 
roland.muel...@honeywell.com [firebird-support]" 
 wrote:
>Hi all
>How can I prevent that my database can be opened with another
>security.fdb.
>
>
>For testing we use firebird 3.
>
>
>We use our database as its own security database.
>If we copy our database to another Firebird installation it
>
>is possible to open it with sysdba and masterkey.
>Is there a way to prevent The use of another security.fdb.
>
>
>Roland Müller
>Dipl.Ing. (FH)
>Honeywell | Security and Fire
>Novar GmbH
>Johannes-Mauthe-Straße 14
>72458 Albstadt
>Büro: 07431 801-0
>Fax: 07431 801-1512
>
>
>roland.muel...@honeywell.com
>www.honeywell.com/security/de
>
>
>
>
>
>
>
>
>Novar GmbH
>Rechtsform: GmbH
>Sitz: Albstadt
>Registergericht: AG Stuttgart, HRB 401195
>Geschäftsführung: Martin Bemba, Klaus Hirzel, Marcus Lindenlaub, Marcus
>Ostländer
>Aufsichtsratsvorsitzender:  Martin Göth
>
>
>
>THIS E-MAIL AND ATTACHED FILES ARE CONFIDENTIAL, PROTECTED BY COPYRIGHT
>AND MAY BE LEGALLY PRIVILEGED. If you are not the intended addressee or
>have received this e-mail in error, any use of this e-mail or any
>copying, distribution or other dissemination of it is strictly
>prohibited. If you have received this transmission in error, please
>notify the sender immediately and then delete the e-mail. E-mail cannot
>be guaranteed to be secure, error free or free from viruses. Neither
>the sending company nor its group of companies accepts any liability
>whatsoever for any loss or damage that may be caused as a result of the
>transmission of this message by e-mail. If verification is required,
>please request a hard copy version.

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.