I have a firebird database in format .GDB.
开发者_开发技巧If I setup a interbase server and I open the .GDB with (for ex. IB Expert) with the default password I can open the Database.
So I'd like to prevent the database to be opened by other softwares how could I do it?
with "gsec.exe" I can add and modify users, but this doesn't give me a tool to prevent a database to be opened by a new firebird instance.
As far as I know you can not avoid a .GDB or .FDB database to be opened by a Interbase or Firebird instance. It is a file (or group of files) with a known structure for such an instance and, provided the (malicious) user knows the SYSDBA password, it can be accessed.
Said this, some suggestions:
- If you do not need it make sure the Embedded version of Firebird is not present in your installation to avoid giving the user a tool with which the database could be accessed directly.
- As far as possible restrict any access to the directory where the database will be. Firewalls, directory user rights, etc.
- Use gsec.exe as you said to add/modify users access rights. While this will not prevent the SYSDBA to access the database at least it will prevent a normal user to do so.
- Encrypt the filesystem where the database will be. You can find more info on this at How to protect data in Firebird database.
- If the database is to be accessed through insecure networks like Internet you could consider using SSL. Check How to protect the connection over insecure networks.
- Check Firebird Security FAQ for more information.
There is another solution that might help you partially: encrypting before storing data and decrypting when reading data, but it can cause some problems on searching through the data, since you will not be able to use some indexes (actually only PK and FK indexes will work flawlessly).
I know this is not the answer which you expected, so sorry about that. Maybe someone else will come with an alternative and better solution. :-)
HTH
精彩评论