Subject Re: [Firebird-Architect] database encryption
Author Geoff Worboys
Daniel Rail wrote:
>> And most people wanting encrypted or password-protected
>> databases want that because they want to distribute their
>> database to others but do not want them to see the data
>> from outside their applications.

> I know that it used to be the most common argument. But, for
> us it is not the case. We need to be able to provide database
> encryption and encryption over-the-wire (LAN or WAN) for our
> customers and to be able to get our software fully certified
> for the United States Healthcare "Meaningful Use" Medicare
> certification.

Are you saying that Windows EFS or other full system encryption
is not able to pass such certification?

[There are similar third party solutions for over-the-wire
encryption.]

Are you also saying that the certification would be content
with an application that used (for example) AES to encrypt its
database pages - even though private data may escape the system
through temporary files, system paging or other such application
and operating system features?

This is exactly the sort of application that I thought should
warrant serious security - the idea that "as long as it looks
good" is good enough is something of a concern.


> [...]
> I think that there should be a developer can develop their
> own plugin for database encryption and encryption over-the-wire
> in Firebird. At first, the Firebird team wouldn't necessarily
> create the new plugins, but just the facility (API) for someone
> to implement their own. [...]

I'll let the active developers address this aspect; I suspect
that Firebird wouldn't be far off being able to do exactly
that - let you write/supply your own encryption if all you want
is the database pages encrypted.

That people would use this to pretend to have reasonable
security agitates the pedant in me, but I guess that's my
problem and not yours.

--
Geoff Worboys
Telesis Computing