#2112 InterBase Security
Daniel Magin, better office, Germany

InterBase Security
- All InterBase versions
- InterBase Security 5.x, 6.x, 7.0, 7.1
- InterBase Security 7.5
- Hardware

InterBase Security: all versions

- Over 80% of all InterBase servers run with sysdba / masterkey
- Over 98% of all InterBase servers run on port 3050

CHANGE! Everybody knows this!

Nobody needs access to the database files (*.gdb, *.ib). The InterBase server process only needs read/write permissions. This is also important for isc4.gdb (V5, 6) or admin.ib (V7).

Do not copy a *.gdb or *.ib file! Only copy the backup file. On your machine you have:
- InterBase cache
- Operating system cache
- Hard disk controller cache
- Hard disk cache

And the most important thing:
- It is not a backup
- It is a running RESTORE
- TEST YOUR BACKUPS

If you use archive software, do not archive the *.gdb / *.ib files (remember the caches?). Archive the *.gbk files. Use the system scheduler to produce backups for archiving on tape, CD, DVD, …

- Shadow (mirror) your database
- Replicate your database

User:
- Please do not use one user account for all users (the best joke is sysdba)

Passwords:
- Don't give the correct password to the user (???????????????????)
- Manipulate the entered password in the login dialog. User: ABC -> sent to InterBase: BCA
- The user can connect to the database only with the correct application, and not, for example, with the ODBC driver to pull all table data into Excel and send it to a business rival.

Do not store extremely confidential data "in the clear" in the database, such as:
- Passwords
- Revenues
- Payrolls
- …

Encode/decode these values.

InterBase Security: V5.x, 6.0

RDB$ tables

Everybody can change the RDB$ tables. These tables are the internal system tables and are the heart of your database.
With InterBase 6.5 this was changed: only SYSDBA, or users with the grants, can modify these tables. Update your InterBase server.

InterBase Security: what's new in InterBase 7.5 for security

Multi-versioning

InterBase 7.5 now allows multiple versions of InterBase servers to run simultaneously. In the past, multiple versions of the InterBase server could not be run on the same machine: while an application that utilized one version of InterBase was in use, another application that utilized another version of InterBase could not be run. With InterBase 7.5, Borland has added the ability to run multiple versions of InterBase on the same machine. One previous version (major release) of InterBase, i.e. InterBase 6.x, will be able to run simultaneously with InterBase 7.5.

LIVEDEMO

- You can run n InterBase servers
- You can run one server <= 7.1 and n 7.5 servers
- Replicate these servers in both directions
- n servers for n companies (CPU controlling)
- If one service crashes, connect to the second server
- Server hosting

Automatic rerouting of databases

Now that InterBase 7.5 allows multiple versions of InterBase to run on the same machine, this feature allows configurations where some database connections are rerouted to a different InterBase server instance on the same machine.

Server-side database alias

A database alias renames a database file within the context of the server. This beneficial feature enables clients to connect to databases without knowing their exact location.

LIVEDEMO

And my long, long wish (Charlie, I love you!)

Embedded database user authentication

This is a security enhancement new in InterBase 7.5.
Now that InterBase 7.5 can manage multiple databases for unrelated applications, the embedded database user authentication feature allows custom user account management that is not shared with other InterBase applications.

LIVEDEMO

Hardware

- RAID system
- Change the InterBase temp dir to a separate hard disk (the operating system hard disk is busy enough)
- Between web servers and the InterBase server, go over a separate network (card)
- Hardware firewall with SQL sniff technique

Questions?

Thank you

You can contact me further at … dmagin@better-office.com dmagin@borland.com
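
The login-dialog transformation from the password slide (user types ABC, the application sends BCA), as an added example that is not part of the original slides. It goes beyond the slide's rotation by swapping in a keyed HMAC, so the typed password alone is not enough to compute the server password; `APP_SECRET`, `derive_db_password` and the 8-character default are assumptions.

```python
import base64
import hashlib
import hmac

# Constructed sample secret (assumption); a real application would load its
# own value from protected storage instead of hard-coding it.
APP_SECRET = b"constructed-sample-secret"


def rotate_left(typed: str) -> str:
    """The slide's own illustration: ABC -> BCA."""
    return typed[1:] + typed[:1]


def derive_db_password(user: str, typed: str, secret: bytes = APP_SECRET,
                       max_len: int = 8) -> str:
    """Map what the user typed to the password the server account carries.

    max_len=8 is an assumption (a server that evaluates only the first
    eight password characters); raise it if your server honours more.
    """
    if not user or not typed:
        raise ValueError("user name and password must be non-empty")
    # User names are treated as case-insensitive here (assumption).
    name = user.upper().encode("utf-8")
    # Length-prefix the name so ("ab", "c") and ("a", "bc") cannot collide,
    # and bind the result to the account so equal typed passwords differ.
    msg = len(name).to_bytes(2, "big") + name + typed.encode("utf-8")
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).decode("ascii")[:max_len]


if __name__ == "__main__":
    print("slide rotation :", rotate_left("ABC"))
    print("keyed variant  :", derive_db_password("alice", "ABC"))
```

The account-administration tool has to set the server password to the same derived value when the user is created or changes the password. The secret ships inside the client, so this limits casual connections through other tools such as ODBC and does not replace per-user accounts and grants.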