I purchased ElevateDB 1.xx just after it came out but I'm only just
starting to get into it now as I have been using DBISAM for most of my
development work.  Stand by for a series of stupid questions.

I want to protect the database from users that may somehow manage to get
hold of EDBManager and want to have a fiddle.  In DBISAM I had a
password on each table.  I'm thinking about the best plan of attack with
ElevateDB.  Should I change the Signature, or perhaps use an Encryption
Password, or both.  Besides having to recompile the EDB Server and
EDBManager (does EDBManager store the Signature and Encryption
Password?) with these changes, are there any other issues?

I also noticed that there is an Encrypt Catalog (incorrectly spelt as
Encypt in EDBManager.  Would this be sufficient protection?  What
does it use for a password?

TIA.

Regards,

Steve

Steve,

<< Should I change the Signature, or perhaps use an Encryption Password, or
both. >>

You should change the signature to prevent unwanted access, and the
encryption password if you don't want the data in the table files to be
visible via a hex editor.

<< Besides having to recompile the EDB Server and EDBManager (does
EDBManager store the Signature and Encryption Password?) with these changes,
are there any other issues? >>

The EDB Server allows you to change the encryption password via the .INI
file, but not the signature.  The EDB Manager doesn't permit either change
via its .INI file.

I'll see if I can add these to the .INI file for the next EDB release.  The
..INI files are stored in semi-hidden places on the hard drive, so they're
fairly safe from casual browsers.

<< I also noticed that there is an Encrypt Catalog (incorrectly spelt as
Encypt in EDBManager.  Would this be sufficient protection? >>

This option only specifies that the catalog file (EDBDatabase.EDBCat) be
encrypted using the TEDBEngine.EncryptionPassword, which is the property
that specifies the password used for all encryption.  There's only one
password used in EDB for encrypting disk files and communications to and
from the EDB Server.

--
Tim Young
Elevate Software
www.elevatesoft.com

Hi Tim,

Thanks for the responses.

> I'll see if I can add these to the .INI file for the next EDB
release. > The .INI files are stored in semi-hidden places on the hard
drive, so > they're fairly safe from casual browsers.

Could you store the password and signature in the INI files in encrypted
form, and revert to the default password and signature if the entries
aren't present?

Regards,

Steve

Steve,

<< Could you store the password and signature in the INI files in encrypted
form, and revert to the default password and signature if the entries aren't
present? >>

The issue then becomes - encrypted using what information ?

--
Tim Young
Elevate Software
www.elevatesoft.com

Hi Tim,

> The issue then becomes - encrypted using what information ?

Good point!  What if you just come up with some arbitrary password
and use that?  Yes, it's not exactly secure if you have the source code
for EDBManager, but neither is the default signature and database
password anyway.

It's more about convenience than anything.  I could change this myself
in EDBManager, but then I'd have to remember to do this for each new
release.

Anyway, just my thoughts FWIW.

Regards,

Steve

Steve,

<< Good point!  What if you just come up with some arbitrary password
and use that? >>

Sure, that's feasible.  It's not very secure, but it's feasible.

--
Tim Young
Elevate Software
www.elevatesoft.com