Login ProductsSalesSupportDownloadsAbout |
Home » Technical Support » DBISAM Technical Support » Support Forums » DBISAM General » View Thread |
Messages 1 to 6 of 6 total |
How secure is DBISAM? |
Thu, Oct 26 2006 6:31 PM | Permanent Link |
John | Hi.
How secure is DBISAM when running remote on a webserver? Is it advisable to use it for online applications that require high security/privacy? |
Thu, Oct 26 2006 6:56 PM | Permanent Link |
Tim Young [Elevate Software] Elevate Software, Inc. timyoung@elevatesoft.com | John,
<< How secure is DBISAM when running remote on a webserver? >> Do you mean running as the database server on an open port exposed to the Internet, or via a web server as an ISAPI or CGI application ? -- Tim Young Elevate Software www.elevatesoft.com |
Fri, Oct 27 2006 6:52 AM | Permanent Link |
"Ralf Mimoun" | John wrote:
> Hi. > > How secure is DBISAM when running remote on a webserver? With its real encryption (Blowfish, or use another algorithm), DBISAM is really secure. The problem: if somebody gets the password (which must be be entered by the user, or must be part of the application), then he has access. > Is it advisable to use it for online applications that require high > security/privacy? I would encapsule that in a mw tier level, ege. with kbmMW. They have additional, session based encryption. But the password problem remains. Ralf |
Sat, Oct 28 2006 10:14 PM | Permanent Link |
"Donat Hebert \(Worldsoft\)" | In addition, you may want to consider an modified Engine signature so even
if they do have the password, they cannot use the stock DBsys to open the file. Extra layer. Donat. |
Sun, Oct 29 2006 3:28 AM | Permanent Link |
John | Thank you for your replies.
Tim, I mean running as a database server on an open port exposed to the Internet. "Tim Young [Elevate Software]" <timyoung@elevatesoft.com> wrote: John, << How secure is DBISAM when running remote on a webserver? >> Do you mean running as the database server on an open port exposed to the Internet, or via a web server as an ISAPI or CGI application ? -- Tim Young Elevate Software www.elevatesoft.com |
Mon, Oct 30 2006 4:30 PM | Permanent Link |
Tim Young [Elevate Software] Elevate Software, Inc. timyoung@elevatesoft.com | John,
<< I mean running as a database server on an open port exposed to the Internet. >> In that case, DBISAM will be as secure as the password used to encrypt the communications (TDBISAMSession.RemotePassword and TDBISAMEngine.EncryptionPassword). DBISAM uses symmetric encryption, which means that both the client and the server must know about, and use, the same password. This, of course, means that the storage of the password on the client side is of the utmost importance. IOW, you don't necessarily want it to be visible in the compiled .EXE on the client as a plain text constant. -- Tim Young Elevate Software www.elevatesoft.com |
This web page was last updated on Friday, April 26, 2024 at 06:09 PM | Privacy PolicySite Map © 2024 Elevate Software, Inc. All Rights Reserved Questions or comments ? E-mail us at info@elevatesoft.com |