> If you assume that a) a bad guy has access to the database file and

Yes

> b) the bad guy has access to the InterBase source and

Maybe, but I don't assume he's a programmer that can understand the thing.
(i.e. professional housebreaker vs. happy teen).

> c) the bad
> guy has the ability to spoof the application to acquire an encryption
> key,

No, he's probably not that skilled. I know very well that professional
crackers will get in. I'm concerned about the 99.999% which aren't
professional crackers, and all those that aren't crackers at all but just
plain curious. Today the door is wide, wide, wide open...

> then no, I don't think a solution is possible.
>

Too bad.

BTW, I read in IB-Priorities a long reply by Charlie (Caro) about encryption
plugin support that was there once upon a time. Any comments on that?


-ST