Thread Can i change for ever the password of Administrator ?
Mon, Nov 10 2008 10:18 AM

"Mauro Botta"
Hi

I need to limit access to my db.

I have created a new limited read-only user for my clients,

and I have changed the default password of the Administrator user.

When my program starts, it always checks whether the new password is there; if it is the old one,
it changes it.


But there is a problem.

If the (advanced) user deletes the file EDBConfig.EDBCfg
and recreates a new database, he can access my db with the default L/PWD
of EDB2.


Can I change the password of Administrator for ever?
(without changing edbconfig.pas)
Mon, Nov 10 2008 10:53 AM

Roy Lambert

NLH Associates

Team Elevate

Mauro


I for one do not believe EDBManager is an end user tool. So don't give them the tools to create a new database without going through YOUR software. In that set the password.

Roy Lambert [Team Elevate]
Mon, Nov 10 2008 11:11 AM

"Mauro Botta"
> I for one do not believe EDBManager is an end user tool. So don't give
> them the tools to create a new database without going through YOUR
> software. In that set the password.

I don't release EDBManager.


But with

* MS Access
* ODBC EDB2
* and a simple query CREATE DATABASE ........

EDBManager is no longer required.

Mon, Nov 10 2008 1:23 PM

Tim Young [Elevate Software]

Elevate Software, Inc.

Email timyoung@elevatesoft.com

Mauro,

<< but there is a problem.

if the (advanced) user delete file : EDBConfig.EDBCfg and recreate a new
Database , he can to access to my db with default L/PWD of EDB2. >>

It's worse than that - if you allow the user direct access to the database,
he can just look at the data with a hex editor, delete it, copy it, etc.
IOW, the user security of the database is only as good as the physical
security that prevents direct access to it.  This is why many people use C/S
access with the ElevateDB Server instead.

--
Tim Young
Elevate Software
www.elevatesoft.com

Mon, Nov 10 2008 1:26 PM

Tim Young [Elevate Software]

Elevate Software, Inc.

Email timyoung@elevatesoft.com

Mauro,

I forgot the important part, the solution:

The only way to prevent this is to use a custom encryption password with
your ElevateDB configuration, and then set each database catalog to be
encrypted also:

CREATE DATABASE MyDatabase
PATH 'c:\mydata'
ENCRYPTED CATALOG

That way, if a user deletes the configuration file and tries to create a new
one (using the default encryption password), he/she still won't be able to
access or open any of the database catalogs without an exception.  And,
because the database catalog file is encrypted with strong crypto, he/she
won't be able to find out anything about the information in the catalog
file.

--
Tim Young
Elevate Software
www.elevatesoft.com

Mon, Nov 10 2008 2:23 PM

Ralf Graap
Hey Tim,

but this isn't very handy without the possibility to use the custom
encryption password in the edbmgr without recompiling it :(

Ralf

Tim Young [Elevate Software] wrote:
> Mauro,
>
> I forgot the important part, the solution:
>
> The only way to prevent this is to use a custom encryption password with
> your ElevateDB configuration, and then set each database catalog to be
> encrypted also:
>
> CREATE DATABASE MyDatabase
> PATH 'c:\mydata'
> ENCRYPTED CATALOG
>
> That way, if a user deletes the configuration file and tries to create a new
> one (using the default encryption password), he/she still won't be able to
> access or open any of the database catalogs without an exception.  And,
> because the database catalog file is encrypted with strong crypto, he/she
> won't be able to find out anything about the information in the catalog
> file.
>
Tue, Nov 11 2008 2:44 PM

Tim Young [Elevate Software]

Elevate Software, Inc.

Email timyoung@elevatesoft.com

Ralf,

<< but this isn't very handy without the possibility to use then custom
encryption password in the edbmgr without recompile it :( >>

You can use a custom encryption password in the EDB Manager.  Just include
this line in the edbmgr.ini file here:

(Windows XP)

C:\Documents and Settings\<UserName>\Local Settings\Application Data\Elevate Software\ElevateDB Manager

(Vista)

C:\Users\<UserName>\Local Settings\Application Data\Elevate Software\ElevateDB Manager

and add this line under the appropriate Session_<SessionName> section:

Local Encryption Password=MyNewPassword

For remote sessions, you can specify the encryption password via the Edit
Session dialog in the EDB Manager.  We hide the local encryption password
for obvious reasons.

--
Tim Young
Elevate Software
www.elevatesoft.com

Tue, Nov 11 2008 2:59 PM

Ralf Graap
Super Cool!

Thx
Ralf

Tim Young [Elevate Software] wrote:
> Ralf,
>
> You can use a custom encryption password in the EDB Manager.  Just include
> this line in the edbmgr.ini file here:
>
Wed, Nov 12 2008 4:49 AM

Leslie
Tim

<<and add this line under the appropriate Session_<SessionName> section:

Local Encryption Password=MyNewPassword>>

I have tried this, but the session cannot be opened any more after the password has been
changed. See the attachment! (2.02 B2 trial)


My confusion is this:

I guess when the session is created the files are encrypted with the default local
encryption password. After the password is changed, they cannot be read.
If the session does not exist, the password cannot be changed. I must be missing some simple
thing.

Regards,
Leslie



Attachments: Error100.jpg
Wed, Nov 12 2008 12:36 PM

Leslie
Tim

One more piece of info: I have not created any databases, just the new session. After quitting
EDBManager, I changed the suggested line in the ini file. That is all that happened.


Regards,
Leslie