How to protect the connection over insecure networks (Internet)?


Firebird doesn't have anything built in for that. There is a discussion of possibility to use SSL, and perhaps it will be implemented in some future version. In the meantime, you can use some generic tunneling software like SSH, SSL or ZeBeDee.

1. Simple SSH example:

Here's an example how to run a simple SSH tunnel. Example assumes that you have an SSH account at the remote machine in the same network where Firebird server is running.

SSH account username: thomas
SSH account password: ******
SSH server IP address: 123.234.111.222
Firebird server IP address in local network: 192.168.0.22
Firebird server port (default): 3050
Local port: 3051 (if you have Firebird installed on your machine, you cannot use 3050, so we use 3051).

Create a tunnel:

ssh -L 3051:192.168.0.22:3050 thomas@123.234.111.222

Now you can connect from your application or administration tool to localhost/3051 and you'll get access to remote Firebird server.

If you wish to automate this, it is advisable to create a set of public/private keys and use that instead of password authentication.


2. Simple Zebedee example:

This example shows zebedee usage without private encryption keys. Such connection still uses encryption, but anyone is allowed to connect to zebedee server. This is similar to SSL: anyone can connect, but nobody can listen to the connection. We'll use the same setup as SSH example:

Start a zebedee server on 123.234.111.222, and point it to the Firebird server:

zebedee -s 192.168.0.22

This would forward all trafic. You can make advanced setup by editing the zebedee configuration file.

Now, create a tunnel on the client:

zebedee 123.234.111.222 3051:192.168.0.22:3050

That's all. Now you can connect from your application or administration tool to localhost/3051 and you'll get access to remote Firebird server.

For detailed instructions on zebedee setup, read the following paper by Artur Anjos:

http://www.firebirdsql.org/download/firebird_zebedee_eng.pdf


3. SSL (stunnel) instructions are explained in detail here:

http://www.ibphoenix.com/downloads/Secure_connections_to_Firebird_with_Stunnel.pdf


Do you find this FAQ incorrect or incomplete? Please e-mail us what needs to be changed. To ensure quality, each change is checked by our editors (and often tested on live Firebird databases), before it enters the main FAQ database. If you desire so, the changes will be credited to your name. To learn more, visit our add content page.

If you are a commercial tool maker and your tool features a great way to handle the issue written about in this FAQ, please check out our advertisement page.



All contents are copyright © 2007-2017 FirebirdFAQ.org unless otherwise stated in the text.


Links   Firebird   News   FlameRobin   Home Inventory powered by FB  
Add content   Advertise   About  

Categories
 Newbies
 SQL
 Installation and setup
 Backup and restore
 Performance
 Security
 Connectivity and API
 HOWTOs
 Errors and error codes
 Miscellaneous