Subject Re: [Firebird-Architect] Re: Does the database 'need' encryption?
Author Lester Caine
Roman Rokytskyy wrote:
>> It seems every time the "database encryption" question shows up, it
>> gets quickly drowned into complicated discussions about what real
>> security is and how many different aspects have to be considered.
>> Let's not mix different things:
>> -- First and simplest, there is an application using embedded and I
>> want to password-protect my database so that if anyone gets hold of the
>> file they will not be able to read MY data without knowing the password
>> or investing time and qualified effort in breaking the encryption.
> Sorry, but that is another side of the same story. When talking about security one always considers the question "how much would it cost to break the protection?", and not the "is it breakable at all?".
And also the cost of 'processing' encrypted data so that index files do not
contain information that would help un-encrypting? I understand this
'requirement', and I'm not arguing against it, just highlighting that it is only
part of the picture.

>> -- Another reasonable requirement that is absolutely unrelated: I want
>> to create encrypted protected backups of my database. This is valid
>> also for full server deployments.
> True, but the same logic applies - how much would it cost? There are people that will be happy with simple XOR, but there are also people that have much stronger requirements.
Total picture again.
Why not simply use the password protection provided by and external packing
program. My own backup process stores it's archives using .gz and that can be
password protected.

>> -- Also completely unrelated: I don't want anyone to be able to see my
>> data while in transit on the network - either LAN or the internet. Part
>> of this - I want to be sure that I'm connecting to my server and not to
>> someone pretending to be.
> Same story - there is no "one size fits all" solution as well. The more complex the protection is, the more administrative efforts it requires.
Windows just needs a decent SSH support?
There are many methods to provide secure traffic which covers ALL of your
activity rather than just the data packets?

>> -- Another one, also unrelated and much more complicated - I would want
>> to be sure that no one is able to get to my data even if they break
>> into my server - that's about encrypting temporary storage, protecting
>>from in-memory attacks, clearing swap space and many more things that I
>> confess I don't understand ;-)
> That is just more comolex case, and the answer for the "how much" question in such case is "that must be very expensive!".
And another case for considering the total picture including the OS.
My own customers have differing views on the level of protection required by
their VPN links, and in some cases I can only play with data on a virtual
desktop of the secure server. Breaking into that server even to look at any data
is the first problem.

>> So please let's try to keep things separated. A page-level encryption
>> API is requested and though some believe it is not needed, most agree
>> that it is possible and not too complicated. Then when the first
>> encryption plug-ins appear, we may start another round of discussions
>> on their merits and flaws.
> As I wrote in some of my previous emails, FB should be designed so, that creation of highly secure applications is possible, and the project might develop much less secure solution (e.g. page encryption with a key passed on connect with an SSL/TLS encryption of the wire protocol). But this thing is out of scope of this list, which is concerned with architectural questions.

>> And last but not least - most competing products already have these
> Sorry, could you please post links to the documentation to those products where the page level encryption and wire protocol encryption are described?
> I only know of AES encrypt/decrypt functions in MySQL and the encryption of the field data in Oracle/MS SQL (which use completely different approach)...
It is the design of the 'architecture' of a complete solution that is important,
and simply grafting encrypt/decrypt in some parts of the system is not the
solution. As others have said ... you need to be able to manage the keys and the
like which is where existing OS solutions may provide a much more sensible
solution. And one that will be complicated by needing to work cross platform.
Have a look at the problems the DVCS systems are having providing a generic
solution to security between Linux/Unix, Mac and Windows ;)

Lester Caine - G8HFL
Contact -
L.S.Caine Electronic Services -
EnquirySolve -
Model Engineers Digital Workshop -
Firebird -