mikerabat 20 Posted September 4, 2019

Hi Folks!

I hope someone can give me some hints on this topic: Firebird data encryption and encryption of the data sent. Especially the "over the line" encryption of data is going to be mandatory for our next projects, since there are a few attack vectors we didn't really anticipate would ever be a problem: an attacker has access to an internal network (e.g. a hospital) and reads the communication between our program and the remote database.

So... data encryption à la SSL, TLS would be a great thing to have. So far the FAQ from Firebird only suggests using an SSH tunnel or similar to connect to the database, but... is this feasible or even performant? Has anyone any experience with such a problem, or is there anything some Delphi components could do?

Kind regards,
Mike

Alexander Elagin 143 Posted September 4, 2019

Devart has a Secure Bridge suite of components to protect a database connection (https://www.devart.com/sbridge/). I have not used it but maybe you could have a look if it suits your needs.

I'd rather replace a direct client-server solution with a 3-tier one, thus totally isolating the database from network access.

mikerabat 20 Posted September 5, 2019

Thanks for the hint! I will definitely look into that 🙂

Markus Kinzler 174 Posted September 5, 2019

Firebird 3 supports over-the-wire encryption out of the box.
https://firebirdsql.org/file/documentation/release_notes/html/en/3_0/rnfb30-security-wirecrypt.html
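
An added example, not part of the thread or of Firebird itself: a small audit of a server's firebird.conf that reports what a network sniffer would see for each client-side WireCrypt setting. It assumes the Firebird 3 parameter `WireCrypt` (Disabled / Enabled / Required, server default Required), the negotiation rules from the release notes linked above, and Srp authentication; the sample configs are constructed.

```python
import re

# Assumption: Firebird 3 server default when WireCrypt is absent or commented out.
SERVER_DEFAULT = "Required"
LEVELS = ("Disabled", "Enabled", "Required")

def parse_conf(text):
    """Return {lowercased name: value} for uncommented 'Name = Value' lines."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # '#' starts a comment
        m = re.match(r"^(\w+)\s*=\s*(.*)$", line)
        if m:
            settings[m.group(1).lower()] = m.group(2).strip()
    return settings

def effective_wirecrypt(text, default=SERVER_DEFAULT):
    """Effective WireCrypt level; the example accepts any letter case."""
    value = parse_conf(text).get("wirecrypt", default).capitalize()
    if value not in LEVELS:
        raise ValueError(f"unknown WireCrypt value: {value!r}")
    return value

def outcome(server, client):
    """Negotiation result for one server/client pair of WireCrypt levels.
    Assumes Srp authentication, so a session key exists to encrypt with."""
    pair = {server, client}
    if "Disabled" in pair:
        # One side refuses encryption: fatal only if the other insists on it.
        return "rejected" if "Required" in pair else "plaintext"
    return "encrypted"

def audit(server_conf):
    """Map each possible client setting to what ends up on the wire."""
    server = effective_wirecrypt(server_conf)
    return {client: outcome(server, client) for client in LEVELS}

# Constructed sample configs (not from the thread).
WEAK = """
#WireCrypt = Enabled (for client) / Required (for server)
WireCrypt = Enabled     # relaxed so old clients can still connect
"""
STRICT = "# WireCrypt left at the server default\n"

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("strict", STRICT)):
        print(name, effective_wirecrypt(conf), audit(conf))
```

With the server relaxed to Enabled, a client configured with Disabled connects in plaintext without any error; only Required on the server turns that case into a refused connection.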

Arnaud Bouchez 407 Posted September 5, 2019

17 hours ago, Alexander Elagin said:
"I'd rather replace a direct client-server solution with a 3-tier one, thus totally isolating the database from network access."

Switching to an n-tier architecture is the way to go.

Keep the database locally on your server computer (or network), then use regular REST/JSON over secure HTTPS for the communication with clients. HTTPS will be much easier to secure and scale than forcing encryption with the database driver.

Certificate management is a difficult thing to do - I have seen so many solutions running fine... until a certificate becomes obsolete. 😉

We usually use an nginx server as reverse proxy, with https://letsencrypt.org/ certificate management.