Subject Re: [Firebird-Architect] database encryption
Author (no author)
Hi,

At November-03-10, 6:19 PM, Adriano dos Santos Fernandes wrote:

> People already can put the files behind the TCP server, as nobody needs
> direct access to the database.

Not in all scenarios.

> And most people wanting encrypted or password-protected databases want
> that because they want to distribute their database to others but do not
> want them to see the data from outside their applications.

I know that it used to be the most common argument. But, for us it is
not the case. We need to be able to provide database encryption and
encryption over-the-wire (LAN or WAN) for our customers and to be able
to get our software fully certified for the United States Healthcare
"Meaningful Use" Medicare certification. Our clients range from
one-doctor, one-computer practices to multiple offices and doctors. So,
there are some that only have one computer in their office, and that
is where the database is located. And, most of our customers hardly
know how to use a computer. And, if the only type of backup they do
is copying the database file onto another disk (HD, CD, DVD, flash
drive, etc...), and that disk is not encrypted, then the database
backup is not encrypted, which would be a violation of HIPAA rules. We
can teach our customers how to do it by the rules, but they rarely
do it. And, we need to make it easy for them to set up the software
accordingly.

And, there are also discussions going on here in Canada for something
similar.

I think that a developer should be able to develop their own plugin
for database encryption and encryption over-the-wire in Firebird. At
first, the Firebird team wouldn't necessarily create the new plugins,
but just the facility (API) for someone to implement their own. I think
Jim's suggestion for page level encryption is a good starter.
Basically, having the page data go through the plugin to be encrypted
on writing and decrypted on reading. And, I think a similar
architecture could be used for the over-the-wire implementation. I
think that the over-the-wire encryption would have to be for the whole
server (especially if the first packet that would specify which
database you are connecting to would also be encrypted), while the
database encryption could be specified for each database
independently.

--
Best regards,
Daniel Rail
Senior Software Engineer
ACCRA Solutions Inc. (www.accra.ca)
ACCRA Med Software Inc. (www.filopto.com)
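
The page-level plugin idea in the message above, sketched as an added example (not part of the original post and not Firebird code): a page I/O layer passes every page body through a plugin on write and on read, so a plain copy of the file contains only ciphertext. The names `KeystreamPlugin` and `PageStore`, the page size, the clear-text write counter and the HMAC-based stand-in cipher are all assumptions made for this sketch.

```python
import hashlib, hmac, io, struct

PAGE_SIZE = 4096                 # assumed page size for this sketch
HEADER = struct.Struct(">Q")     # clear-text per-page write counter
BODY_SIZE = PAGE_SIZE - HEADER.size

class KeystreamPlugin:
    """Hypothetical plugin. Stand-in cipher: HMAC-SHA256 in counter mode, XORed
    with the page. No integrity tag; a real plugin would use a vetted AEAD."""
    def __init__(self, key: bytes):
        self.key = key

    def crypt(self, page_no: int, gen: int, data: bytes) -> bytes:
        stream, block = bytearray(), 0
        while len(stream) < len(data):
            msg = struct.pack(">QQQ", page_no, gen, block)
            stream += hmac.new(self.key, msg, hashlib.sha256).digest()
            block += 1
        return bytes(a ^ b for a, b in zip(data, stream))  # same op both ways

class PageStore:
    """Page I/O layer that routes every page body through the plugin."""
    def __init__(self, backing, plugin):
        self.f, self.plugin = backing, plugin

    def _read_raw(self, page_no: int) -> bytes:
        self.f.seek(page_no * PAGE_SIZE)
        return self.f.read(PAGE_SIZE)

    def write_page(self, page_no: int, body: bytes) -> None:
        if len(body) != BODY_SIZE:
            raise ValueError("page body must be exactly BODY_SIZE bytes")
        old = self._read_raw(page_no)
        # Bump the counter on every write so a keystream is never reused.
        gen = HEADER.unpack(old[:HEADER.size])[0] + 1 if len(old) >= HEADER.size else 1
        self.f.seek(page_no * PAGE_SIZE)
        self.f.write(HEADER.pack(gen) + self.plugin.crypt(page_no, gen, body))

    def read_page(self, page_no: int) -> bytes:
        raw = self._read_raw(page_no)
        gen = HEADER.unpack(raw[:HEADER.size])[0]
        return self.plugin.crypt(page_no, gen, raw[HEADER.size:])

def demo():
    # Constructed sample record; returns (raw file bytes, decrypted body).
    disk = io.BytesIO()                       # stands in for the database file
    store = PageStore(disk, KeystreamPlugin(b"\x01" * 32))  # constructed key
    store.write_page(0, b"patient: Jane Doe".ljust(BODY_SIZE, b"\x00"))
    return disk.getvalue(), store.read_page(0)
```

The first value returned by `demo()` is what a file-copy backup would capture; the second is what the engine sees after the plugin has decrypted the page.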