Is WireCrypt over the internet secure enough?
117 views
Skip to first unread message
Mr John
Jul 16, 2021, 3:30:34 AM7/16/21
to firebird...@googlegroups.com
Hi
I'm using FB 3.0.7 over the internet with WireCrypt = Enabled
do I have to create a VPN? Is WireCrypt secure enough?
thanks
Mark Rotteveel
Jul 16, 2021, 4:45:49 AM7/16/21
to firebird...@googlegroups.com
considered a weak/broken cipher these days. But more importantly, doing
this would mean exposing your Firebird server publicly on the internet
(that is port 3050 open to the world), which means anyone could try to
connect. There have been issues in the past where malformed connect
packets could crash the server. Making your Firebird server publicly
accessible could make you vulnerable to denial-of-service attacks if
similar bugs still exist, to distributed denial-of-service attacks just
by getting flooded by connection requests, and even intentional
brute-force login attempts.
In general (not specifically for Firebird), database servers should not
be publicly accessible. So, if you need to connect to it from a remote
network, you should use a VPN solution (or another type of private
networking solution).
Or consider a different setup: don't expose your Firebird server at all,
but use something like a REST API to mediate between your application
and the database.
Mark
Mr John
Jul 16, 2021, 5:48:36 AM7/16/21
to firebird...@googlegroups.com
Hi
It is a .net winforms app,so REST API is not an option for now
I've setup also OpenVpn connection but port 3050 still should be open
Is FB 4 encryption more secure?
thanks
--
You received this message because you are subscribed to the Google Groups "firebird-general" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebird-gener...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/firebird-general/50be1c57187ff59bc5af253427e76d9a%40lawinegevaar.nl.
Mark Rotteveel
Jul 16, 2021, 9:01:58 AM7/16/21
to firebird...@googlegroups.com
On 16-07-2021 11:48, Mr John wrote:
> It is a .net winforms app,so REST API is not an option for now
> I've setup also OpenVpn connection but port 3050 still should be open
> Is FB 4 encryption more secure?
If you use a VPN solution, then port 3050 should only be accessible
> It is a .net winforms app,so REST API is not an option for now
> I've setup also OpenVpn connection but port 3050 still should be open
> Is FB 4 encryption more secure?
through that VPN, not open to everyone on the internet.
Firebird 4 also has the ChaCha wire protocol, which is better
encryption, but I don't think FirebirdSql.Data.FirebirdClient supports
that yet.
However, that still doesn't address my other point about not exposing
port 3050 to the internet.
--
Mark Rotteveel
Mr John
Jul 16, 2021, 10:16:01 AM7/16/21
to firebird...@googlegroups.com
thanks Marks for your answers
--
You received this message because you are subscribed to the Google Groups "firebird-general" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebird-gener...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/firebird-general/b07434d0-f1e7-5087-5352-f584951bf72c%40lawinegevaar.nl.
Reply all
Reply to author
Forward
0 new messages