Other Security Measures
InterBase provides some restrictions on the use of InterBase tools in order to increase security. In addition, there are things that you can do to protect your databases from security breaches. This section describes these options.
Restriction on Using InterBase Tools
As a security measure, InterBase requires that only the owner of a database or SYSDBA can execute gbak, gstat, and gfix.
- Only the database owner or SYSDBA can use gbak to back up a database. Anyone can restore a database, because there is no concept of an InterBase user for a backup file. However, only the owner or SYSDBA can restore a database over an existing database. For security purposes, make sure that your backup files are stored in a secure location. This prevents unauthorized persons from restoring databases and gaining access to them.
- On UNIX platforms, there is a further constraint on gstat: to run gstat, you must have system-level read access to the database file. To access the database with gstat, you must either be logged into the account running the InterBase server (“InterBase” or “root”) or someone must change the permissions on the database file to include read permission for your Group.
Protecting your Databases
You can take several steps to increase the security of your databases and other files on your system:
- UNIX and Linux systems: Before starting the InterBase server, log in as user “InterBase” (or “interbas”, if user names longer than eight characters are not allowed), rather than “root” (only these users can start the server). This restricts the ability of other users to accidentally or intentionally access or overwrite sensitive files such as the password file. Start the InterBase server while you are logged on as user “InterBase”.
- Windows server platforms: When the InterBase server is run as a service, you can protect a database against unauthorized access from outside InterBase (such as by a copy command), by making the database files readable only by the system account, under which services run. However, if you make the database readable only by the system account, remote access to the database must be by TCP/IP, not by NetBEUI.
- Because anyone can restore a backed up database, it is wise to keep your backup files in a directory with restricted access. On UNIX, only the backup file itself, not the directory in which it resides, needs to have permissions restricted to prevent reading by unauthorized persons.
For example, if all of the following are true:
- the backup file has permission 600 (rw-------) or 640 (rw-r-----)
- only trusted persons belong to the groups
- the directory has permission rwxr-xr-x
then persons other than the responsible owner and group can see that the backup file is there, but they cannot get at it. If the user or backup script issues the command umask 077 (or 027, as appropriate) before running gbak, unauthorized persons will not be able to access the backup file, no matter what the permissions on the directory. The directory should not be writable by “other”, since this permits other persons to delete the backup file.
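The permission rules above can be checked from a backup script once gbak has written the file. The following is an added example, not part of the InterBase documentation; the function names perm_string and check_backup are hypothetical, and the script does not check group membership, which still has to be reviewed by hand.

```shell
#!/bin/sh
# Added example: audit a gbak backup file against the rules described above.
# Rule 1: the backup file grants nothing to "other" (600 or 640 style modes).
# Rule 2: the containing directory is not writable by "other".

# perm_string PATH -> prints the 10-character ls mode string, e.g. "-rw-r-----"
perm_string() {
    ls -ld -- "$1" | cut -c1-10
}

# check_backup FILE -> 0 if both rules hold, 1 if a rule is broken,
# 2 if FILE does not exist. Prints one line per finding.
check_backup() {
    file=$1
    dir=$(dirname -- "$file")
    rc=0
    if [ ! -f "$file" ]; then
        echo "ERROR: $file not found"
        return 2
    fi
    fmode=$(perm_string "$file")
    dmode=$(perm_string "$dir")
    # Characters 8-10 of the mode string are the rwx bits for "other".
    case $(printf '%s' "$fmode" | cut -c8-10) in
        ---) ;;
        *) echo "FAIL: $file is accessible to other ($fmode)"; rc=1 ;;
    esac
    # Character 9 is the write bit for "other" on the directory.
    case $(printf '%s' "$dmode" | cut -c9) in
        w) echo "FAIL: $dir is writable by other ($dmode)"; rc=1 ;;
    esac
    if [ "$rc" -eq 0 ]; then
        echo "OK: $file ($fmode) in $dir ($dmode)"
    fi
    return "$rc"
}

# When run as a script, audit every path given on the command line.
if [ "$#" -gt 0 ]; then
    for f in "$@"; do
        check_backup "$f"
    done
fi
```

In a backup script, set umask 077 (or 027) before the gbak call and run check_backup on the resulting file afterwards, so a backup written under a looser umask is flagged.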
See Also
- Security Model
- The InterBase Security Database
- Implementing Stronger Password Protection
- Enabling Embedded User Authentication
- System Table Security
- SQL Privileges
- Groups of Users
- User Administration with IBConsole
- User Administration With the InterBase API
- Using gsec to Manage Security
- Using gsec to Manage Database Alias
- gsec Error Messages