Subject Re: [Firebird-Architect] Encryption for embedded server
Author Jonathan Neve
Jim Starkey wrote:

>First a quibble about nomenclature. An embedded server is a
>contradiction in terms. You can have an embedded engine. You can have
>a remote interface to talk to a server. You can have a program layered
>on the server code. But you can't have an embedded server.
>
>
Ok.

>But your point about encryption is well taken. My ideas of how security
>plugin should work is that can be chained, and get a crack at file
>opens, page reads, and page writes as well as authentication requests.
>This would let us roll the physical database I/O into a default
>"security plugin". Another plugin could handle page level encryption
>and maybe a third to handle authentication. Key management, as usual,
>is a problem that would need to be solved.
>
>
Sounds good to me.

>Compression is a different story, however. I haven't a clue on how to
>do random access into a compressed file.
>
>
Yes, I had thought of this. If there is a possible solution, this would
be a nice feature, but if not, I don't think it's very important.

But I think encryption could be very useful. Actually, now I come to
think of it, this could even be used for an ordinary server
configuration (not embedded). The best thing, IMO, would be to specify
the key as a DB connection parameter. That way, only applications
knowing this key would be able to connect to this database. Furthermore,
the DB file could freely be exchanged from one machine to another, it
would still remain usable only be an application knowing the correct key...

Regards,
Jonathan Neve.


[Non-text portions of this message have been removed]