You are right - once the database file has been obtained, anybody who has their own InterBase server can read the file. There are some things that you can do to minimise the risk of this happening:
1. Make it as difficult as possible to obtain the file in the first place.
Use operating system security to ensure that the database file can only be
accessed by authorised users. This would also apply to the InterBase root
directory. This contains the security database. In InterBase 7, the name of
this file could be changed (you could make it less obviously an InterBase
database). This is set in the ibconfig file (which also would need to be
protected).
2. Don't create your database as SYSDBA. The user who created the database has admin rights of that database. It will be easier to protect the identity of that user.
3. Create a role called SYSDBA. InterBase places a restriction on not
allowing a role to have the same name as a login name so you will stop
SYSDBA from being able to access that database.
4. Use the metadata security. InterBase 6.5 and 7 allow for you to revoke
access to the system tables from public. There are scripts installed with
the product to help you do this. I note that you are a Delphi user. You
should use caution with this feature if you use BDE features such as TTable
and live TQueries which query the metadata to discover the structure of the tables that they are using. It is possible to revoke all rights including
select. This could break BDE applications that use the above features.
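One way to check point 1 of the answer above, as an added example that is not part of the original post: a POSIX shell audit that flags any database file, InterBase root directory or ibconfig file that group or other users can reach. It assumes InterBase runs on a Unix-like host, and the paths you pass in are your own (none are taken from the post).

```shell
#!/bin/sh
# Added example: audit OS permissions on InterBase files.
# Assumption: Unix-like host; pass your own database file, InterBase root
# directory and ibconfig path as arguments.

# exposed_bits PATH: print the six group/other permission characters from
# "ls -ld" (for example "r--r--"); "------" means owner-only access.
exposed_bits() {
    ls -ld -- "$1" 2>/dev/null | cut -c5-10
}

# check_path PATH: return 0 if owner-only, 1 if group/other have any access,
# 2 if the path does not exist.
check_path() {
    [ -e "$1" ] || { echo "MISSING  $1"; return 2; }
    bits=$(exposed_bits "$1")
    case "$bits" in
        # r, w, x grant access; lowercase s/t imply an execute bit is set.
        *[rwxst]*) echo "EXPOSED  $1 (group/other: $bits)"; return 1 ;;
        *)         echo "OK       $1"; return 0 ;;
    esac
}

# audit PATH...: check every path, leave the number of problems in
# AUDIT_FAILURES, and return non-zero if there was at least one.
audit() {
    AUDIT_FAILURES=0
    for p in "$@"; do
        check_path "$p" || AUDIT_FAILURES=$((AUDIT_FAILURES + 1))
    done
    [ "$AUDIT_FAILURES" -eq 0 ]
}

# Stand-alone use: sh audit.sh /path/to/app.ib /path/to/interbase /path/to/ibconfig
if [ "$#" -gt 0 ]; then
    audit "$@"
fi
```

The mode string does not show ACL entries, so a path reported as OK should still be checked for extra ACL grants where the filesystem supports them.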