What is the best way to protect a database?

[ItMustBeNeat]

Hi,

I keep all my passwords, credit card info and more very sensitive things in a simple text filemaker database. Im using Filemaker Pro7

I set up a password by Defining Accounts and Privileges, changing the account name and password.

Now when I open my file it does ask me for my password....

Here's my question:

Is this truly safe? Did I do it correctly? Id like to be sure.

Does Mac Keychain have anything to do with this?

Thanks for any tips or advice!

[John Mark Osborne]

I'm sure Steven Blackwell will have something to say about this when he logs on but here goes. As long as you don't give someone physical file access to you FileMaker file, it is pretty difficult to hack into a FileMaker file. Some would say impossible (This assumes you haven't used a password like "Fido" or "Love" or "God"). If someone gets a hold of your file, there are products on the market for just about every major application that will rewrite the password area of your file instead of guessing the password. So, make sure your computer is password protected as well and limit access to it through wireless traffic as well as physical access.

[ItMustBeNeat]

Hi John,

Thanks for the reply. So my above method of passwording is correct?

I could use Apple OSX Keychain to also store things. Which is more secure or is it basically the same?

There were to robberies in the building I am in and even though we have industrial strength doors and alarms I want to basically know if someone walks off with my computer that I dont have to call every bank, credit card and god forbid change my 1000 passwords...

(I know your going to tell me I should do that anyway)

[Steven H. Blackwell]

The Keychain probably lessens the security reliability, not increases it.

You need an encryption program that protects your entire hard drive, including external device booting. Remember of course that it locks you out of doing that as well.

FileMaker Pro offers good security; but it is not a 100 percent guarantee. There are programs where it is "computationally infeasible" to crack the passwords. But your environment isn't one of those circumstances.

Steven

[ItMustBeNeat]

Thanks for the info... hmmm.

So I will stick with Filemaker for the storage of these items, keep it protected the way I set it up and look into encrypting.

Im not sure how to do that exactly on a mac I think there is something called Filevault. I remember it caused problems at the beginning (not sure what) but that was a while ago and its still in the OS....

[Fenton]

FileVault is kind of extreme, as it encrypts your entire user home folder. And, you're right, it had some problems at first. I think it works fairly well now; but I'm running Tiger, and you're still running Jaguar. But I wouldn't want to encrypt my whole user folder anyway.

Another less drastic option would be to use Disk Utility and create a Disk Image, from the folder with the file, with the option to encrypt with AES-128. You'd want to make the format read-write. I don't know if this option was available in Jaguar; it is in Panther (10.3.9). I also don't know whether anyone makes "crack DMG" tools.

[Slater]

I'm looking to do the same thing as the original poster on Mac platform - protect the database from someone who's perhaps stolen the HDrive or host computer.

As Fenton said, the file vault seems a bit OTT, and creating the disk image gives me problems when using the same database on 2 computers (using open romote...)

So i was thinking of storing the DB on a lacie fingerprint encrypted HDrive, and then sharing it from there.

Before i go and buy one, does anyone have any comments - either on running the lacie, or the best way to secure the DB otherwise.

Thanks in advance,

slater

[Ender]

I don't think those would be fast enough for any serious deployments.

It seems more reasonable to simply lock up the computer.

[Slater]

Ender wrote:

It seems more reasonable to simply lock up the computer.

it would be, if only i could!

I can't guarantee that a burglar won't take the computer / backup HDs, so i have to get some sort of secuirty ....

about the lacies: i've just discovered that if you open the enclosure, take out the HD and fit to a different cady, then it will mount to the desktop ... so that kinda blows out the usefulness of the fingerprint scanner.

any info on encryption software (mac)? he says with increasing desperation!

Thanks again,

slater

[xochi]

I think you should consider the encrypted DMG solution -- provided your server has plenty of RAM, and you set your ram caches high enough, FileMaker server will do the majority of operations on the data in RAM, which means that the slower speed of reading from and writing to an encrypted DMG will not be that big a deal. It will be slower, for sure, but not that much slower.

One thing about DMGs, and encrypted DMGs, is they are very sensitive to improper shutdowns. I think this has been improved in the latest versions of 10.4, but in 10.3 and early 10.4s I found that it's was pretty easy to totally corrupt a DMG just by crashing the computer or unplugging the drive. Once an encrypted DMG is corrupted, you lose ALL files on it forever.

[Slater]

Thanks Journeyman,

It will be slower, for sure, but not that much slower.

One thing about DMGs, and encrypted DMGs, is they are very sensitive to improper shutdowns. Once an encrypted DMG is corrupted, you lose ALL files on it forever.

yeah ... that doesn't inspire me with confidence!! I did give a go however, and there seemed to be problems with a second person using / writing to it, and the fact that there is a second person increases the likely hood of an improper shutdown, all of which adds up to a less than perfect solution.

I'm now thinking that the best solution is to store it on a dongle protected HD (as long as i would hide the dongle in a box in the garden each night!) or encryption software to encrypt just the FM folder ... any ideas? (mac)

but thanks for you help, none the less!

cheers,

slater