Security of DB Connections

Hi to All,

Using Delphi 10.4 to create a Windows program with remote user access to a Firebird DB
Devart DB access components

Our application is intended to be located on a remote server that users will log in via an IP address style connection address

My question relates to security of data and user connection points

Can anyone suggest some security procedures/components to adopt in order to assist in application security of data integrity, user connection and the like?

Are there things within the Firebird DB that we should be doing to increase security of data integrity, user connection and the like?

Are there things within our Delphi program that we should be doing to increase security of data integrity, user connection and the like?

Many thanks in advance
Grant Brown

Are you using a Local Area Network here, Grant?
The solution will depend upon your architecture (Client/Server?).

Another consideration pertains to how / if you want to limit specific users' access to the data. To do so, you may need to instantiate “User Groups”. For example - groups for Read Only, Read Write, Write Only. And to limit certain users to specific database tables.
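
The user groups described in the post above map onto Firebird SQL roles. The script below is an added example, not part of the original thread; it assumes Firebird 3 or later, and every table, role and user name in it is hypothetical.

```sql
-- Added example: table, role and user names are hypothetical.
-- Run as the database owner or SYSDBA (Firebird 3 or later assumed).

-- One role per access level ("user group").
CREATE ROLE APP_READ_ONLY;
CREATE ROLE APP_READ_WRITE;
CREATE ROLE APP_WRITE_ONLY;

-- Read Only: may query CUSTOMERS and ORDERS, nothing else.
GRANT SELECT ON CUSTOMERS TO ROLE APP_READ_ONLY;
GRANT SELECT ON ORDERS    TO ROLE APP_READ_ONLY;

-- Read Write: full DML on ORDERS, but CUSTOMERS stays read-only.
GRANT SELECT, INSERT, UPDATE, DELETE ON ORDERS TO ROLE APP_READ_WRITE;
GRANT SELECT ON CUSTOMERS TO ROLE APP_READ_WRITE;

-- Write Only: may append to AUDIT_LOG but cannot read it back.
GRANT INSERT ON AUDIT_LOG TO ROLE APP_WRITE_ONLY;

-- Individual logins; the passwords here are placeholders to replace.
CREATE USER REPORT_USER PASSWORD '<placeholder-1>';
CREATE USER ORDER_CLERK PASSWORD '<placeholder-2>';

-- Put each login into exactly the group it needs.
GRANT APP_READ_ONLY  TO USER REPORT_USER;
GRANT APP_READ_WRITE TO USER ORDER_CLERK;

COMMIT;

-- Moving a user out of a group later is a single statement:
-- REVOKE APP_READ_WRITE FROM USER ORDER_CLERK;
```

The application should pass the role name when it connects, since a role's privileges apply to connections opened with that role. Tables carry no grants for ordinary users until they are given explicitly, so anything not listed above stays inaccessible to these logins.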

I hope this connection will be via a VPN?

Exposing a db engine directly to the internet is a big red flag.


Yes this.

I have come to like Wireguard a lot of recent times.
Fast, free, fairly secure.
Requires a single UDP port punched through firewall.

I was a bit unclear as to whether Grant was seeking client access via a LAN (Local Area Network) or WAN (Wide Area Network).

If via a LAN it might be acceptable for the user to gain access to the database directly via a windows Login.

But these days, I definitely wouldn’t consider direct DB access over any type of WAN (too risky).

In both circumstances I’d personally be looking for a Client Server architecture (where you have a Client Side Delphi application which authenticates to the Server Side Delphi application). The Server application then manages requests (executes the SQL) and returns results to the Client.

For the Client/Server solution, I’d go for mORMot. Excellent security and enterprise scalability. But it communicates over HTTP (my preferred solution for the past 18 years). And using this solution, it’s easy to build a WEB based solution that supports both a Delphi / FPC client OR / AND a web browser based JavaScript client, without making any changes to the Pascal Server App.

If you’re interested in the mORMot solution Grant I’ve got source code examples from past ADUG presentations that should make it very easy to get up and running (one of these samples uses Firebird)


Let me know if you’re interested in the samples or need more detail.

Oh, I should have said - mORMot is Open-source - free 🙂

Hi Robert,

The Firebird examples would be most welcome

Sent you a private message Grant.
Post here if you don’t get it (I’ve never done that using Discourse before).