Firebird Documentation IndexGbak - Firebird Backup & Restore Utility → Security Of Backups
Firebird Home Firebird Home Prev: Restore ModeFirebird Documentation IndexUp: Gbak - Firebird Backup & Restore UtilityNext: Backup & Restore Recipes

Security Of Backups

As you have seen above anyone, with a valid username and password, can restore a gbak database dump file provided that they are not overwriting an existing database. This means that your precious data can be stolen and used by nefarious characters on their own servers, to create a copy of your database and see what your sales figures, for example, are like.

To try and prevent this from happening, you are advised to take precautions. You should also try and prevent backups from being accidentally overwritten before they have expired. Some precautions you can take are:

In Firebird 2.1, there is an additional security feature built into gbak and all the other command-line utilities. This new feature automatically hides the password if it is supplied on the command line using the -password switch. Gbak replaces the password with spaces - one for each character in the password. This prevents other users on the system, who could run the ps command and view your command line and parameters, from viewing any supplied password. In this manner, unauthorised users are unable to obtain the supplied password.

tux> gbak -b -user SYSDBA -passw secret employee /backups/employee.fbk
tux> ps efx| grep -i gba[k]
20724 ... gbak -backup -user SYSDBA -passw           employee employee.fbk 
... (lots more data here)

You can see from the above that the password doesn't show up under Firebird 2.1 as each character is replaced by a single space. This does mean that it is possible for someone to work out how long the password could be and that might be enough of a clue to a dedicated cracker. Knowing the length of the required password does make things a little easier, so for best results use a random number of spaces between -passw and the actual password. The more difficult you make things for the bad people on your network, the better.

Prev: Restore ModeFirebird Documentation IndexUp: Gbak - Firebird Backup & Restore UtilityNext: Backup & Restore Recipes
Firebird Documentation IndexGbak - Firebird Backup & Restore Utility → Security Of Backups