Subject Re: [IB-Architect] Fw: Mischievous SYSDBA
Author Dalton Calford
Hi Jim,

> Problem: gbak will need the key (or whatever) to access the restriction
> portion of the database. Unless we can come up with something tricky,
> this means giving the key to the system administrator, who is the one
> we're trying to protect the data from.

Since the programmer will have access to the source of GBAK, they can
make the change to gbak to include the key without telling the local
administrator the key.

Or, use the server side api (since the person would have to connect to
the database first to implement it) to back up the database.

> Does this mean that the protection mechanism must work through
> sanctioned program using these interfaces? Defining something
> that is accessible through ODBC is quite a different beast than
> something limited to the native API.

Is there any extensions to ODBC that would support a encryption

best regards