#2112
InterBase Security
daniel magin
better office
germany
InterBase Security
• All InterBase Versions
• InterBase Security 5.x,6.x,7.0,7.1
• InterBase Security 7.5
• Hardware
InterBase Security all Versions
Over 80% of all InterBase servers run with
sysdba – masterkey
Over 98% of all InterBase servers run on
port 3050
CHANGE!
Everybody knows this!
InterBase Security all Versions
Nobody needs access to the database files
(*.gdb, *.ib). Only the InterBase server
process needs read/write
permissions.
This is also important for the isc4.gdb
(V5,6) or admin.ib (V7)
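The permission rule on this slide can be checked on a POSIX host with a short audit script. This is an added example, not part of the original slides; the function names, the constructed sample tree and the use of the server account's numeric uid are assumptions.

```python
import os
import stat
import tempfile

DB_SUFFIXES = (".gdb", ".ib")  # database file extensions named on the slide


def audit_db_files(root, service_uid):
    """Return (path, problem) pairs for database files that anyone other
    than the server account (service_uid, an assumption) could touch."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if not name.lower().endswith(DB_SUFFIXES):
                continue
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                findings.append((path, "symlink; check the target instead"))
                continue
            if st.st_uid != service_uid:
                findings.append((path, f"owned by uid {st.st_uid}"))
            extra = stat.S_IMODE(st.st_mode) & (stat.S_IRWXG | stat.S_IRWXO)
            if extra:
                findings.append((path, f"group/other bits set: {extra:03o}"))
            if not (st.st_mode & stat.S_IRUSR and st.st_mode & stat.S_IWUSR):
                findings.append((path, "server account lacks read/write"))
    return findings


def demo():
    """Constructed sample tree: one tight file, one loose file, one backup."""
    with tempfile.TemporaryDirectory() as root:
        for name, mode in (("admin.ib", 0o600), ("sales.gdb", 0o664),
                           ("sales.gbk", 0o644)):
            path = os.path.join(root, name)
            open(path, "wb").close()
            os.chmod(path, mode)
        return [(os.path.basename(p), why)
                for p, why in audit_db_files(root, os.getuid())]


if __name__ == "__main__":
    for name, why in demo():
        print(f"{name}: {why}")
```

The audit covers the files themselves; the permissions on the directories that contain them need the same review.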
InterBase Security all Versions
Do not copy a *.gdb or *.ib file! Only copy
the backup file. You have on your
machine:
– InterBase cache
– Operating system cache
– Hard disk controller cache
– Hard disk cache
InterBase Security all Versions
And the most important thing:
- It is not a backup
- It is a running RESTORE
- TEST YOUR BACKUPS
InterBase Security all Versions
If you use archive software, do not archive
the *.gdb and *.ib files (remember the caches?).
Archive the *.gbk files.
Use the system scheduler to produce backups for archiving
on tape, CD, DVD, …
InterBase Security all Versions
- Shadow(Mirror) your Database
- Replicate your Database
InterBase Security all Versions
User:
- Please, not one user account for all users
(best joke is sysdba)
Passwords:
- Don't give the correct password to the user
(???????????????????)
- Manipulate the entered password in the login
dialog
user: ABC -> send to InterBase: BCA
- Only with the correct application can the user
connect to the database, but not, for example,
with the ODBC driver to get all table data into
Excel and send it to a business rival.
InterBase Security all Versions
Do not store extremely confidential data in "clear"
form in the database, such as:
– Passwords
– Revenues
– Payment rolls
– …
Encode/decode these values
InterBase Security V5.x,6.0
RDB$ Tables
Everybody can change the RDB$ tables.
These tables are the internal system
tables and are the heart of your
database. With InterBase 6.5 this
was changed: only SYSDBA, or
users with the grants, can make
modifications to these tables. Update your
InterBase server.
InterBase Security
What's new in
InterBase 7.5
for Security
InterBase Security V7.5
Multi-Versioning
InterBase 7.5 now allows multiple versions of InterBase
servers to run simultaneously. In the past, multiple
versions of the InterBase server could not be run on
the same machine. Previously, when an application
that utilized one version of InterBase was running, another
application that utilized another version of InterBase
could not be run. Now with InterBase 7.5 Borland has
added the ability to run multiple versions of InterBase on
the same machine. With InterBase 7.5, one previous
version (major release) of InterBase, i.e. InterBase 6.x,
can be run simultaneously.
LIVEDEMO
InterBase Security V7.5
Multi-Versioning
• You can run n InterBase servers
• You can run one server <= 7.1 and n 7.5 servers
• Replicate these servers in both directions
• n-Servers for n-Companies (CPU
Controlling)
• If one service is crashing connect to the
second server
• Server Hosting
InterBase Security V7.5
Automatic rerouting of databases
Now that InterBase 7.5 allows multiple versions of
InterBase to run on the same machine this feature will
allow configurations where some database
connections can be rerouted to a different InterBase
server instance on the same machine.
InterBase Security V7.5
Server side database alias
A database alias renames a database file within the
context of the server. This beneficial feature
enables clients to connect to databases without
knowing their exact location.
LIVEDEMO
InterBase Security V7.5
And my long, long wish (Charlie, I love you!)
Embedded database user authentication
This is a security enhancement new in InterBase 7.5.
Now that InterBase 7.5 can manage multiple
databases for unrelated applications the embedded
database user authentication feature allows custom
user account management that is not shared with
other InterBase applications.
LIVEDEMO
Hardware
• Raid System
• Change the InterBase temp dir to a
separate hard disk (the operating system
hard disk is busy enough)
• Traffic between web servers and the InterBase
server should go over a separate network (card)
• Hardware firewall with SQL sniff
technique
Questions?
Thank You
#2112
InterBase Security
Please fill out the speaker evaluation
You can contact me further at …
dmagin@better-office.com
dmagin@borland.com