I'm writing an open source application that uses the Firebird embedded
database. Firebird doesn't have database encryption, and embedded Firebird
doesn't have real password security for the database. So, right away, I
understand that the database itself is not secure - if someone can take it
away from the computer, they can use it on their own install of Firebird.

Fortunately, this is not an app that needs huge security. It is for
tracking donors and donations to charities, and because it just tracks
them, there is no entry of really sensitive info like credit card numbers.
Just personal info like names, addresses, and donation amounts.

The current (non-open source) version allows for a program entry password,
although I think a majority of my users don't even use that. The problem
is, obviously, that given that the program is open source, it could clearly
easily be hacked to let you in without that password. Not that more than
about 1% or so of my users have access within their organization to someone
who could do so! The users (over 4,000 so far) are generally smallish
charities and churches, and they don't seem to have huge concerns about

What really concerns me is what to do about lost passwords. Currently, if a
user writes to me and says they lost their password, I have a way to
generate a temporary back-door password that will let them into the program
and let them change their password. I think this is necessary, because it's
not acceptable to just say "too bad, you lost your data". I don't do any
special due diligence about it being the correct user, and nobody so far
has seemed to have any problem with that.

Does anyone have any advice about this last point about lost passwords? How
should that be handled in an open source environment? It's possible that in
the future the program could have a life of its own, with me not involved,
though I have no such intention at present. There might be no one clear
person to contact for help on lost passwords, and unless I also publish my
temporary password generating program, there will be no way to solve the
problem. But I feel that if I do publish the temp password generator, I'm
completely giving away the store.

I'm also interested in advice about any other aspects of this, though not
from security zealots, because I know I'm not going to take your advice.
For instance, there are a number of good reasons that I picked Firebird, and I
don't intend to change that. My users are not especially concerned about
security, in my experience.

Thanks in advance for any thoughts.

If anyone wants more info on my program, it's at www.freedonationsoftware.org