Login ProductsSalesSupportDownloadsAbout |
Home » Technical Support » ElevateDB Technical Support » Support Forums » ElevateDB General » View Thread |
Messages 1 to 6 of 6 total |
Signature, Encryption Password and Encrypt Catalog. |
Wed, Feb 27 2008 5:53 PM | Permanent Link |
Steve Gill | I purchased ElevateDB 1.xx just after it came out but I'm only just
starting to get into it now as I have been using DBISAM for most of my development work. Stand by for a series of stupid questions. I want to protect the database from users that may somehow manage to get hold of EDBManager and want to have a fiddle. In DBISAM I had a password on each table. I'm thinking about the best plan of attack with ElevateDB. Should I change the Signature, or perhaps use an Encryption Password, or both. Besides having to recompile the EDB Server and EDBManager (does EDBManager store the Signature and Encryption Password?) with these changes, are there any other issues? I also noticed that there is an Encrypt Catalog (incorrectly spelt as Encypt in EDBManager. Would this be sufficient protection? What does it use for a password? TIA. Regards, Steve |
Thu, Feb 28 2008 7:21 AM | Permanent Link |
Tim Young [Elevate Software] Elevate Software, Inc. timyoung@elevatesoft.com | Steve,
<< Should I change the Signature, or perhaps use an Encryption Password, or both. >> You should change the signature to prevent unwanted access, and the encryption password if you don't want the data in the table files to be visible via a hex editor. << Besides having to recompile the EDB Server and EDBManager (does EDBManager store the Signature and Encryption Password?) with these changes, are there any other issues? >> The EDB Server allows you to change the encryption password via the .INI file, but not the signature. The EDB Manager doesn't permit either change via its .INI file. I'll see if I can add these to the .INI file for the next EDB release. The ..INI files are stored in semi-hidden places on the hard drive, so they're fairly safe from casual browsers. << I also noticed that there is an Encrypt Catalog (incorrectly spelt as Encypt in EDBManager. Would this be sufficient protection? >> This option only specifies that the catalog file (EDBDatabase.EDBCat) be encrypted using the TEDBEngine.EncryptionPassword, which is the property that specifies the password used for all encryption. There's only one password used in EDB for encrypting disk files and communications to and from the EDB Server. -- Tim Young Elevate Software www.elevatesoft.com |
Thu, Feb 28 2008 4:10 PM | Permanent Link |
Steve Gill | Hi Tim,
Thanks for the responses. > I'll see if I can add these to the .INI file for the next EDB release. > The .INI files are stored in semi-hidden places on the hard drive, so > they're fairly safe from casual browsers. Could you store the password and signature in the INI files in encrypted form, and revert to the default password and signature if the entries aren't present? Regards, Steve |
Fri, Feb 29 2008 8:51 AM | Permanent Link |
Tim Young [Elevate Software] Elevate Software, Inc. timyoung@elevatesoft.com | Steve,
<< Could you store the password and signature in the INI files in encrypted form, and revert to the default password and signature if the entries aren't present? >> The issue then becomes - encrypted using what information ? -- Tim Young Elevate Software www.elevatesoft.com |
Sun, Mar 2 2008 4:29 PM | Permanent Link |
Steve Gill | Hi Tim,
> The issue then becomes - encrypted using what information ? Good point! What if you just come up with some arbitrary password and use that? Yes, it's not exactly secure if you have the source code for EDBManager, but neither is the default signature and database password anyway. It's more about convenience than anything. I could change this myself in EDBManager, but then I'd have to remember to do this for each new release. Anyway, just my thoughts FWIW. Regards, Steve |
Mon, Mar 3 2008 6:57 AM | Permanent Link |
Tim Young [Elevate Software] Elevate Software, Inc. timyoung@elevatesoft.com | Steve,
<< Good point! What if you just come up with some arbitrary password and use that? >> Sure, that's feasible. It's not very secure, but it's feasible. -- Tim Young Elevate Software www.elevatesoft.com |
This web page was last updated on Tuesday, April 30, 2024 at 03:55 PM | Privacy PolicySite Map © 2024 Elevate Software, Inc. All Rights Reserved Questions or comments ? E-mail us at info@elevatesoft.com |