Subject | Re: [Firebird-Architect] Encryption for embedded server |
---|---|
Author | Jonathan Neve |
Post date | 2004-09-29T06:32:34Z |
Jim Starkey wrote:
be a nice feature, but if not, I don't think it's very important.
But I think encryption could be very useful. Actually, now I come to
think of it, this could even be used for an ordinary server
configuration (not embedded). The best thing, IMO, would be to specify
the key as a DB connection parameter. That way, only applications
knowing this key would be able to connect to this database. Furthermore,
the DB file could freely be exchanged from one machine to another, it
would still remain usable only be an application knowing the correct key...
Regards,
Jonathan Neve.
[Non-text portions of this message have been removed]
>First a quibble about nomenclature. An embedded server is aOk.
>contradiction in terms. You can have an embedded engine. You can have
>a remote interface to talk to a server. You can have a program layered
>on the server code. But you can't have an embedded server.
>
>
>But your point about encryption is well taken. My ideas of how securitySounds good to me.
>plugin should work is that can be chained, and get a crack at file
>opens, page reads, and page writes as well as authentication requests.
>This would let us roll the physical database I/O into a default
>"security plugin". Another plugin could handle page level encryption
>and maybe a third to handle authentication. Key management, as usual,
>is a problem that would need to be solved.
>
>
>Compression is a different story, however. I haven't a clue on how toYes, I had thought of this. If there is a possible solution, this would
>do random access into a compressed file.
>
>
be a nice feature, but if not, I don't think it's very important.
But I think encryption could be very useful. Actually, now I come to
think of it, this could even be used for an ordinary server
configuration (not embedded). The best thing, IMO, would be to specify
the key as a DB connection parameter. That way, only applications
knowing this key would be able to connect to this database. Furthermore,
the DB file could freely be exchanged from one machine to another, it
would still remain usable only be an application knowing the correct key...
Regards,
Jonathan Neve.
[Non-text portions of this message have been removed]