Other Security Measures

From InterBase

Go Up to Database User Management

InterBase provides some restrictions on the use of InterBase tools in order to increase security. In addition, there are things that you can do to protect your databases from security breaches. This section describes these options.

Restriction on Using InterBase Tools

As a security measure, InterBase requires that only the owner of a database or SYSDBA can execute gbak, gstat, and gfix.

  • Only the database owner or SYSDBA can use gbak to back up a database. Anyone can restore a database, because there is no concept of an InterBase user for a backup file. However, only the owner or SYSDBA can restore a database over an existing database. For security purposes, make sure that your backup files are stored in a secure location. This prevents unauthorized persons from restoring databases and gaining access to them.
  • On UNIX platforms, there is a further constraint on gstat: to run gstat, you must have system-level read access to the database file. To access the database with gstat, you must either be logged into the account running the InterBase server (“InterBase” or “root”) or someone must change the permissions on the database file to include read permission for your Group.

Protecting your Databases

You can take several steps to increase the security of your databases and other files on your system:

  • UNIX and Linux systems: Before starting the InterBase server, log in as user “InterBase” (or “interbas”, if user names longer than eight characters are not allowed), rather than “root” (only these users can start the server). This restricts the ability of other users to accidentally or intentionally access or overwrite sensitive files such as the password file. Start the InterBase server while you are logged on as user “InterBase”.
  • Windows server platforms: When the InterBase server is run as a service, you can protect a database against unauthorized access from outside InterBase (such as by a copy command), by making the database files readable only by the system account, under which services run. However, if you make the database readable only by the system account, remote access to the database must be by TCP/IP, not by NetBEUI.
  • Because anyone can restore a backed up database, it is wise to keep your backup files in a directory with restricted access. On UNIX, only the backup file itself, not the directory in which it resides, needs to have permissions restricted to prevent reading by unauthorized persons.

For example, if all of the following are true:

  • the backup file has permission 600 (rw-------) or 640 (rw-r-----)
  • only trusted persons belong to the groups
  • the directory has permission rwxr-xr-x

then persons other than the responsible owner and group can see that the backup file is there, but they cannot get at it. If the user or backup script issues the command umask 077 (or 027, as appropriate) before running gbak, unauthorized persons will not be able to access the backup file, no matter what the permissions on the directory. The directory should not be writable by “other”, since this permits other persons to delete the backup file.

See Also

Advance To: