mlq@hotmail.com (Michael) writes:
> I want to develop an application using a database server. But I am
> concerned that installing it at client's sites will mean that I am
> potentially exposing my intellectual property to theft. (I'm in Asia
> where this sort of thing is rife).
In other words you want to create a black box. Information goes in,
but it only comes out if you get paid. Such a thing is possible, but
only if the customer doesn't get to poke at the box. If they control
the hardware, then you are sunk.
> Would it be true to say that for all database servers (Oracle,
> SQLServer, PostgreSQL, Interbase etc) it is impossible to absolutely
> protect the intellectual property contained in the schema design and
> sql code ( not to mention the data itself)?
Yes, that's basically how things work. PostgreSQL, Oracle, SQL
Server, Interbase, and all the rest will happily regurgitate both
"your" schema and your customers data. Many of them (like PostgreSQL)
will even do it in an easy to edit text format if you ask nicely
enough.
> Is it true that a database backup can always be restored on a
> different server and thus the administrator can gain complete access
> to schema, code and all data?
Yes that is true. In fact, it is darn handy. Backups that can't be
installed on a separate machine aren't backups.
> If there is a difference in this respect on various server types, is
> there a "league table" of which offer the best security?
Security usually means keeping crackers out, not systems
administrators.
> Can security be enforced in some way by compelling each user
> (including administrator) to always have a digital certificate even
> if using a restored copy on a different server?
With special hardware and special hardware such a thing *might* be
possible. For example, the X-Box has been engineered by Microsoft so
that only their software will boot on it. Chances are good that there
is a loophole or a way to trick the system, however.
Chances are also good that your customers won't be interested in a
system with backups that can't be installed on another machine. After
all, what happens if the primary machine fails? They probably also
won't be thrilled by an application that doesn't believe in sharing
data.
Jason
