Thread: How secure is DBISAM?
Thu, Oct 26 2006 6:31 PM

John
Hi.

How secure is DBISAM when running remote on a webserver?

Is it advisable to use it for online applications that require high security/privacy?
Thu, Oct 26 2006 6:56 PM

Tim Young [Elevate Software]

Elevate Software, Inc.

Email timyoung@elevatesoft.com

John,

<< How secure is DBISAM when running remote on a webserver? >>

Do you mean running as the database server on an open port exposed to the
Internet, or via a web server as an ISAPI or CGI application ?

--
Tim Young
Elevate Software
www.elevatesoft.com

Fri, Oct 27 2006 6:52 AM

"Ralf Mimoun"
John wrote:
> Hi.
>
> How secure is DBISAM when running remote on a webserver?

With its real encryption (Blowfish, or use another algorithm), DBISAM is
really secure. The problem: if somebody gets the password (which must be
entered by the user, or must be part of the application), then he has
access.

> Is it advisable to use it for online applications that require high
> security/privacy?

I would encapsulate that in a mw tier level, e.g. with kbmMW. They have
additional, session-based encryption. But the password problem remains.

Ralf
Sat, Oct 28 2006 10:14 PM

"Donat Hebert (Worldsoft)"
In addition, you may want to consider a modified Engine signature so even
if they do have the password, they cannot use the stock DBsys to open the
file.  Extra layer.

Donat.

Sun, Oct 29 2006 3:28 AM

John
Thank you for your replies.

Tim,
I mean running as a database server on an open port exposed to the
Internet.

"Tim Young [Elevate Software]" <timyoung@elevatesoft.com> wrote:

> John,
>
> << How secure is DBISAM when running remote on a webserver? >>
>
> Do you mean running as the database server on an open port exposed to the
> Internet, or via a web server as an ISAPI or CGI application ?
>
> --
> Tim Young
> Elevate Software
> www.elevatesoft.com

Mon, Oct 30 2006 4:30 PM

Tim Young [Elevate Software]

Elevate Software, Inc.

Email timyoung@elevatesoft.com

John,

<< I mean running as a database server on an open port exposed to the
Internet. >>

In that case, DBISAM will be as secure as the password used to encrypt the
communications (TDBISAMSession.RemotePassword and
TDBISAMEngine.EncryptionPassword).  DBISAM uses symmetric encryption, which
means that both the client and the server must know about, and use, the same
password.  This, of course, means that the storage of the password on the
client side is of the utmost importance.  IOW, you don't necessarily want it
to be visible in the compiled .EXE on the client as a plain text constant.

--
Tim Young
Elevate Software
www.elevatesoft.com
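
A build-time check for the point in the last reply about the password not being visible as a plain-text constant in the compiled .EXE. This is an example added here, not code from Elevate Software or from any poster; the function names, the `CHECK_SECRET` environment variable and the sample byte strings are constructed for illustration.

```python
"""Build check: is a known password readable in a compiled client binary?"""
import os
import sys

# String constants may be stored single-byte (ANSI) or as UTF-16LE (wide).
ENCODINGS = ("latin-1", "utf-16-le")


def _search(blob, text, kind):
    hits = []
    for enc in ENCODINGS:
        try:
            needle = text.encode(enc)
        except UnicodeEncodeError:
            continue
        pos = blob.find(needle)
        while pos != -1:
            hits.append((pos, enc, kind))
            pos = blob.find(needle, pos + 1)
    return hits


def find_plaintext_secret(blob, secret, min_fragment=6):
    """Return (offset, encoding, kind) hits; halves are tried only if the
    whole secret is absent, to catch a constant split and joined at run time."""
    hits = _search(blob, secret, "full")
    half = len(secret) // 2
    if not hits and half >= min_fragment:
        hits = _search(blob, secret[:half], "fragment")
        hits += _search(blob, secret[half:], "fragment")
    return hits


# Constructed sample data, not taken from any real binary.
SECRET = "Example-Remote-Pw-2006"
ANSI_EXE = b"MZ\x90\x00" + b"\x00" * 16 + SECRET.encode("latin-1") + b"\x00"
WIDE_EXE = b"MZ\x90\x00" + b"\x00" * 16 + SECRET.encode("utf-16-le") + b"\x00\x00"
SPLIT_EXE = b"MZ" + b"Example-Rem" + b"\x00" * 4 + b"ote-Pw-2006"
CLEAN_EXE = b"MZ\x90\x00" + bytes(range(256))

if __name__ == "__main__":
    if len(sys.argv) == 2:  # scan a real build output; secret comes from the environment
        with open(sys.argv[1], "rb") as fh:
            found = find_plaintext_secret(fh.read(), os.environ["CHECK_SECRET"])
    else:  # no argument: run on the constructed sample
        found = find_plaintext_secret(SPLIT_EXE, SECRET)
    for offset, enc, kind in found:
        print(f"{kind} match at 0x{offset:x} ({enc})")
    sys.exit(1 if found else 0)
```

A clean result only shows the literal is not stored verbatim in either encoding; it does not show that the password cannot be recovered from the client.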
