RE : Firebird DB - What Does Anyone Know?
- From: "Matthew Zito" <mzito@xxxxxxxxxxx>
- To: <Richard.Goulet@xxxxxxxxxxx>, <srcdco@xxxxxxx>, <oracle-l@xxxxxxxxxxxxx>
- Date: Tue, 15 Sep 2009 11:58:00 -0400
I'd also like to strenuously object to the assertion that Open Source = easier
to hack into. All software products are vulnerable to security issues, and
Oracle's CPUs demonstrate that clearly being closed-source helps them little in
terms of identifying them. In fact, there's a long track record in open-source
software where random savvy users have identified security vulnerabilities and
supplied patches to the community. No opportunity for that with Oracle.
I think the maintainability of open-source software is a valid concern,
especially if there's not a large company/robust community behind it.
To answer your original question, Firebird is fine. It's an embedded database,
very lightweight, very nichey. I'm not aware of anyone commercial backing it,
except ISVs who embed it.
Matt
--
Matthew Zito
Chief Scientist
GridApp Systems
P: 646-452-4090
mzito@xxxxxxxxxxx
http://www.gridapp.com
________________________________
De: oracle-l-bounce@xxxxxxxxxxxxx de la part de Goulet, Richard
Date: mar. 9/15/2009 11:48
À: srcdco@xxxxxxx; oracle-l@xxxxxxxxxxxxx
Objet : RE: Firebird DB - What Does Anyone Know?
Scott,
OH Boy, been a long time since I looked at Firebird, so this may well be
dated. Yes it is open source, not exactly sql compliant, and very poorly
protected. A table is a file & the data therein is flat ASCII so very easy to
read. Great for small projects with a limited number of users and that is not
web attached.
Dick Goulet
Senior Oracle DBA/NA Team Lead
PAREXEL International
________________________________
From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On
Behalf Of Scott Canaan
Sent: Tuesday, September 15, 2009 11:41 AM
To: oracle-l@xxxxxxxxxxxxx
Subject: Firebird DB - What Does Anyone Know?
One of our departments is looking at a product that uses a Firebird
database. I've done some online research and found out that it is an open
source database. I've brought this up with the vendor, stating that since its
open source it's easy for hackers to get a copy to play with. Their response
was to challenge me to break into their system and database, which I thought
was an interesting response. It was the only technical question thrown at them
that they got visibly angry about.
My question is: Is anyone familiar with this database and how secure it is?
If so, does it support any kind of encryption? I've not been able to find
anything about encryption, either the data itself or network, on this product.
In the end, if the department purchases this package, we won't be supporting
the database, but I'm trying to do my due diligence in advising them of any
issues, particularly security issues, that I can find.
Thank you,
Scott Canaan '88 (Scott.Canaan@xxxxxxx)
(585) 475-7886
"Life is like a sewer, what you get out of it depends on what you put into it."
- Tom Lehrer.
Other related posts: