Subject Re: [Firebird-Architect] Encryption for embedded server
Author Dmitry Yemanov
"Jim Starkey" <jas@...> wrote:
>
> But your point about encryption is well taken. My idea of how security
> plugins should work is that they can be chained, and get a crack at file
> opens, page reads, and page writes as well as authentication requests.
> This would let us roll the physical database I/O into a default
> "security plugin". Another plugin could handle page level encryption
> and maybe a third to handle authentication.

Page-level encryption is already available as a part of some Borland
experiments. I've switched the code to PluginManager and fixed some bugs;
now it does work, at least on win32. Just uncomment one line in the FB
sources and you'll be able to specify an encryption key in a DPB parameter.
Then the engine will load /plugins/fbcrypt.dll/.so and use its entrypoints
in the PIO code for symmetric encryption.

But, with the current key management (required DPB parameter), all tools
(gbak, gfix etc) along with the Services API should be aware of this DPB
parameter and provide a command-line interface for that.

> Key management, as usual,
> is a problem that would need to be solved.

This is the reason why this feature was never enabled for the public ;-)


Dmitry