#1 - 02-27-2007, 02:34 PM
Dan Cooperstock
Advice for minimal password security on an open source app

I'm writing an open source application that uses the Firebird embedded
database. Firebird doesn't have database encryption, and embedded Firebird
doesn't have real password security for the database. So, right away, I
understand that the database itself is not secure - if someone can take it
away from the computer, they can use it on their own install of Firebird.

Fortunately, this is not an app that needs huge security. It is for
tracking donors and donations to charities, and because it just tracks
them, there is no entry of really sensitive info like credit card numbers.
Just personal info like names, addresses, and donation amounts.

The current (non-open source) version allows for a program entry password,
although I think a majority of my users don't even use that. The problem
is, obviously, that given that the program is open source, it could clearly
easily be hacked to let you in without that password. Not that more than
about 1% or so of my users have access within their organization to someone
who could do so! The users (over 4,000 so far) are generally smallish
charities and churches, and they don't seem to have huge concerns about
security.

What really concerns me is what to do about lost passwords. Currently, if a
user writes to me and says they lost their password, I have a way to
generate a temporary back-door password that will let them into the program
and let them change their password. I think this is necessary, because it's
not acceptable to just say "too bad, you lost your data". I don't do any
special due diligence about it being the correct user, and nobody so far
has seemed to have any problem with that.

Does anyone have any advice about this last point about lost passwords? How
should that be handled in an open source environment? It's possible that in
the future the program could have a life of its own, with me not involved,
though I have no such intention at present. There might be no one clear
person to contact for help on lost passwords, and unless I also publish my
temporary password generating program, there will be no way to solve the
problem. But I feel that if I do publish the temp password generator, I'm
completely giving away the store.

I'm also interested in advice about any other aspects of this, though not
from security zealots, because I know I'm not going to take your advice.
For instance, there a number of good reasons that I picked Firebird, and I
don't intend to change that. My users are not especially concerned about
security, in my experience.

Thanks in advance for any thoughts.

If anyone wants more info on my program, it's at
www.freedonationsoftware.org.

#2 - 02-28-2007, 11:37 AM
Volker Birk
Re: Advice for minimal password security on an open source app
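As an added illustration (not code from the thread or from the program it describes) of why a published temp-password generator "gives away the store", and of one recovery design that does not depend on keeping the code secret: the first function stands in for a vendor-side generator whose only secret is a constant in the source, while the AppLock class issues a random per-installation recovery code at setup and stores only its salted hash, so the source can be public. The class name, the KDF parameters and the sample values are assumptions for the example.

```python
import hashlib
import hmac
import secrets

# 1. What a vendor back door amounts to once the source is public: the only
#    "secret" is a constant in the program, so anyone who reads the code can
#    compute the temporary password for any installation.
BACKDOOR_SALT = b"constructed-example-constant"  # placeholder, not a real value

def legacy_backdoor_password(install_id: str) -> str:
    """Deterministic temp password: same install_id -> same output, for everyone."""
    return hashlib.sha256(BACKDOOR_SALT + install_id.encode()).hexdigest()[:8]

# 2. Alternative (an assumption, not from the thread): the recovery secret is
#    random per installation, shown to the user once, and only its salted hash
#    is kept, so publishing the source reveals nothing that opens the program.
ITERATIONS = 100_000  # PBKDF2 work factor chosen for the example

def _kdf(secret: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, ITERATIONS)

class AppLock:
    """Program-entry password plus a single-use recovery code."""

    def __init__(self, password: str):
        self.pw_salt = secrets.token_bytes(16)
        self.pw_hash = _kdf(password, self.pw_salt)
        self.rc_salt = b""
        self.rc_hash = b""  # no recovery code issued yet

    def issue_recovery_code(self) -> str:
        """Return a fresh code for the user to file away; store only its hash."""
        code = secrets.token_hex(8)  # 64 random bits, 16 hex characters
        self.rc_salt = secrets.token_bytes(16)
        self.rc_hash = _kdf(code, self.rc_salt)
        return code

    def verify_password(self, attempt: str) -> bool:
        return hmac.compare_digest(self.pw_hash, _kdf(attempt, self.pw_salt))

    def recover(self, code: str, new_password: str):
        """Reset the password if the code matches; return a replacement code or None."""
        if not self.rc_hash or not hmac.compare_digest(self.rc_hash, _kdf(code, self.rc_salt)):
            return None
        self.pw_salt = secrets.token_bytes(16)
        self.pw_hash = _kdf(new_password, self.pw_salt)
        return self.issue_recovery_code()  # old code is now invalid
```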

Dan Cooperstock <dcoops@sympatico.ca> wrote:
> I'm writing an open source application that uses the Firebird embedded
> database. Firebird doesn't have database encryption, and embedded Firebird
> doesn't have real password security for the database. So, right away, I
> understand that the database itself is not secure


Secure against what threats?

Yours,
VB.
--
"Pornography is an abstract phenomenon. It cannot exist without a medium
to propagate it, and it has very little (if anything at all) to do with sex."
Tina Lorenz
<https://events.congress.ccc.de/congress/2006/Fahrplan/events/1422.en.html>

#3 - 02-28-2007, 01:06 PM
Dan Cooperstock
Re: Advice for minimal password security on an open source app

Volker Birk <bumens@dingens.org> wrote in news:45e57791@news.uni-ulm.de:

> Dan Cooperstock <dcoops@sympatico.ca> wrote:
>> I'm writing an open source application that uses the Firebird
>> embedded database. Firebird doesn't have database encryption, and
>> embedded Firebird doesn't have real password security for the
>> database. So, right away, I understand that the database itself is
>> not secure
>
> Secure against what threats?
>
> Yours,
> VB.


That's a very good question, Volker. I think realistically all I can hope is that it protects
against unauthorized people who happen to have physical access to the computer on which
my program has been installed getting into my program. Not people who are determined to
get in, and have serious technical expertise, but just casually interested people, probably
other staff or volunteers for the charity using my program.

- Dan.

#4 - 02-28-2007, 02:01 PM
Rob
Re: Advice for minimal password security on an open source app

On Feb 27, 8:34 am, Dan Cooperstock <dco...@sympatico.ca> wrote:

> Fortunately, this is not an app that needs huge security. It is for
> tracking donors and donations to charities, and because it just tracks
> them, there is no entry of really sensitive info like credit card numbers.
> Just personal info like names, addresses, and donation amounts.
I would first suggest that you reevaluate your definition of sensitive
information. You might find that your donors do not agree with your
assessment.

#5 - 03-01-2007, 08:14 AM
Volker Birk
Re: Advice for minimal password security on an open source app

Dan Cooperstock <dcoops@sympatico.ca> wrote:
> That's a very good question, Volker. I think realistically all I can hope is that it protects
> against unauthorized people who happen to have physical access to the computer on which
> my program has been installed getting into my program. Not people who are determined to
> get in, and have serious technical expertise, but just casually interested people, probably
> other staff or volunteers for the charity using my program.


I fear that this will not work. One person will find out how to ignore
your security-by-obscurity concept, the others will just copy.

Yours,
VB.
--
"Pornography is an abstract phenomenon. It cannot exist without a medium
to propagate it, and it has very little (if anything at all) to do with sex."
Tina Lorenz
<https://events.congress.ccc.de/congress/2006/Fahrplan/events/1422.en.html>
