Firebird Database Password

I really want to know how to protect a Firebird database from being opened by any user except through the application itself. If I distribute a desktop application with one Firebird database file (not embedded), how can I protect the database from being copied to another Firebird machine with the well-known sysdba password?

I searched for a question related to this topic and only found this: Finding an outdated firebird / Interbase database password

If the answer in that question is true, how can I use a desktop application with a Firebird database and prevent anyone from opening it using another machine? Or should I use another database like MySQL or PostgreSQL?

PS: I am using Delphi 2006 to develop a graphical interface.

+4
3 answers

There is no point in thinking about the password for a Firebird database: it is an open source server, so there is no way to do what you want. The user can simply recompile the server with password verification.

Basically you can only do two things:

  • Write your own changes to the Firebird server so that it writes a database file that is incompatible with all other servers. It doesn’t matter that people can transfer the database to another machine, because the standard server executable files will not be able to access the data in the database.

  • Write only encrypted data to the file, so it does not matter that access to the database is possible.

Both, of course, are not perfect, as a certain cracker can simply use your own application to access the data. Permission to attach a debugger to a running process may be enough to stop the execution of your application at any time and examine the (decrypted) data in RAM. See also the SO question "How to increase memory security in Delphi?", especially this answer, for more information on this topic.

BTW, to answer the last part of your question: this is what you can do with any database engine you choose.

+4

how to use a desktop application with a Firebird database and prevent anyone from opening it using another machine

If you mean that the user has both encrypted data and a key, you are running DRM. Final answer: you cannot. You can slow down the user by hiding the key in many ways, but you cannot stop them.

+2

No.

This is more or less the same problem as Pidgin in http://developer.pidgin.im/wiki/PlainTextPasswords, except that it protects it from some users, not from others, not your application, not end users.

0