| Subject | Re: [Firebird-Architect] database encryption |
|---|---|
| Author | Ann W. Harrison |
| Post date | 2010-11-03T18:19:43Z |
On 11/3/2010 6:56 AM, sijun_kang wrote:
code would not produce a secure encryption under any
circumstances. Yes, it might block a casual reader,
but it would only give the illusion of security against
serious attack. Yes, other database systems offer
the same kind of "security", but the Firebird project
is not staffed at a level that lets it put in features
that fundamentally don't work.
Best regards,
Ann
> It seems that "database encryption" was a topic previously discussed long time ago and it was concluded that encryption would not be more secure than obfustication in some scenarios. But still, I think there are other scenarios where encryption is the only methold to help secure the data. Since there are already some code (currently disabled) in the source, I wonder why it has never been released as a feature to the public? As mentioned in ticket "CORE-1913" (Firebird Core - Database encryption revisited, http://tracker.firebirdsql.org/browse/CORE-1913), in some applications, even the law requires encryption as a must-have. I wish this feature be made active as soon as possible. Any comment/insight on this? ThanksAs I remember, what was concluded was that the disabled
code would not produce a secure encryption under any
circumstances. Yes, it might block a casual reader,
but it would only give the illusion of security against
serious attack. Yes, other database systems offer
the same kind of "security", but the Firebird project
is not staffed at a level that lets it put in features
that fundamentally don't work.
Best regards,
Ann