Subject | Re: [Firebird-Architect] Encryption for embedded server |
---|---|
Author | Mark O'Donohue |
Post date | 2004-09-29T14:26:21Z |
Jim Starkey wrote:
> Jonathan Neve wrote:
> Embedded is a lost cause from a real security perspective.
>
> Ah, but sending the decryption key in clear compromises the encryption.
> This is why I've been arguing that we need an end-to-end security
> architecture before we start messing around with details.
>
Since there is no process separation of client and server, the person
running embedded essentially has SYSDBA equivalent access to the
database, even if they do it via notepad.
That probably also means that they have access to security.fdb (unless
they attach to that as a client) but doesn't (necessarily) mean they
have root system access.
But even having SYSDBA access, they still have to know how to use it, or
how to hack it; encrypting the data for embedded, like hidden folders,
will deter some people.
But it can also give others a false sense that their data is secure.
Bottom line is you need to have as much trust in an embedded user as you
have in the SYSDBA on the same system - but for embedded, that's often
exactly what you want to do.
However, server versions both embedded and super with separate client
and server processes, are a completely different trust relationship story.
Cheers
Mark