Subject Re: [Firebird-Architect] Re: Does the database 'need' encryption?
Author Roman Rokytskyy
>It seems every time the "database encryption" question shows up, it
>gets quickly drowned into complicated discussions about what real
>security is and how many different aspects have to be considered.
>
>Let's not mix different things:
>
>-- First and simplest, there is an application using embedded and I
>want to password-protect my database so that if anyone gets hold of the
>file they will not be able to read MY data without knowing the password
>or investing time and qualified effort in breaking the encryption.

Sorry, but that is another side of the same story. When talking about security one always considers the question "how much would it cost to break the protection?", and not "is it breakable at all?".

>-- Another reasonable requirement that is absolutely unrelated: I want
>to create encrypted protected backups of my database. This is valid
>also for full server deployments.

True, but the same logic applies - how much would it cost? There are people that will be happy with simple XOR, but there are also people that have much stronger requirements.

>-- Also completely unrelated: I don't want anyone to be able to see my
>data while in transit on the network - either LAN or the internet. Part
>of this - I want to be sure that I'm connecting to my server and not to
>someone pretending to be.

Same story - there is no "one size fits all" solution either. The more complex the protection is, the more administrative effort it requires.

>-- Another one, also unrelated and much more complicated - I would want
>to be sure that no one is able to get to my data even if they break
>into my server - that's about encrypting temporary storage, protecting
>from in-memory attacks, clearing swap space and many more things that I
>confess I don't understand ;-)

That is just a more complex case, and the answer to the "how much" question in such a case is "that must be very expensive!".

>So please let's try to keep things separated. A page-level encryption
>API is requested and though some believe it is not needed, most agree
>that it is possible and not too complicated. Then when the first
>encryption plug-ins appear, we may start another round of discussions
>on their merits and flaws.

As I wrote in some of my previous emails, FB should be designed so that creation of highly secure applications is possible, and the project might develop a much less secure solution (e.g. page encryption with a key passed on connect with an SSL/TLS encryption of the wire protocol). But this thing is out of scope of this list, which is concerned with architectural questions.

>And last but not least - most competing products already have these

Sorry, could you please post links to the documentation of those products where the page-level encryption and wire protocol encryption are described?

I only know of AES encrypt/decrypt functions in MySQL and the encryption of the field data in Oracle/MS SQL (which use a completely different approach)...

Roman