Subject Re: [Firebird-general] pro&contra
Author Aage Johansen
Ann W. Harrison wrote:
>> Aage Johansen wrote:
>>> ... Two pro-Sybase arguments are ... and also the
>>> encryption feature that seems to make it easy to comply with the
>>> laws/regulations (without delivering much added security, however).
> Kjell Rilbe wrote:
>> Why can't you use some kind of disk encryption and SSL tunneling in
>> combination with Firebird? It should provide sufficient security...?

Well, I don't think "sufficient security" is the problem - it seems
the regulations require some specific measures (and disk encryption
has been suggested, and turned down).

> Another alternative would be to implement the encryption hooks in
> Firebird, or intercept the read/write calls and encrypt at the page
> level. That won't make your data secure (see many previous
> discussions) but may be good enough for government work. Combine
> that with Kjell's suggestions, and you have actual security at
> twice the cost.

Exactly. In particular, encrypting specific columns (_and_ a
mechanism for handling keys/privileges) would go a long
way. Probably sufficient for our situation!
I think that in Sybase (and probably in IB) you can encrypt specific
columns of a table, and users without priviledge to decrypt will just
see "noise" in those particular columns.
I wonder how much (coders, money) it would take to enable us to
"check off" an ecryption facility on the features list in
Firebird... Whenever this has been discussed, it has come to a halt
because we have not found a way to implement "good enough" security.

Aage J.