Currently (with FB version of 2.1 or 2.5) the only way to protect data inside an FDB file is:
- to HIDE the database file itself
(Possibly on an encrypted volume, with no/fake extension, between many other "temp"/fake files, ... ).
The connection string/Path can be encoded in the client program, so it is a nice and easy way to access it safely.
(... as I've thought until now :( )
But the log file is revealing this secret !
So a thief/hacker can :
- easily look into the log file
- see the DB path+name where to look for it,
- and copy the whole DB file to a pen-drive in no time :(
So it would be VERY important to be able to DISABLE some kind of data being logged:
log_hide_db_path=1; // would HIDE the database name and location.
log_level=0; // no logging at all for the currently connected database file !
It would be logical to set these parameters by [connection parameters] from the API.
Currently this IS an urgent security issue !
I MUST provide data security to my clients.