| Subject | Re: [ib-support] Firebird Deployment |
|---|---|
| Author | IB/FB List |
| Post date | 2003-01-07T16:47:26Z |
At 15:15 07/01/2003 +0000, you wrote:
user/password (or anything relative to the user who can read the data like
department, function, etc.) as the key for your crypt routine !
But, (always have a but...) if you use encrypted data, you will have
problems when using 3rd party software (like Crystal Reports or other data
analisys tools).
Firebird developers....
Are a good feature have record encryption based on user or roles ?
Or permissions (select, update, delete) on records based on
users/groups/roles ?
If a feature like this could be implemented will be transparent for the
client application, the server decrypt the data if the user has enough
privilegies, otherwise crypted (or null) values will be returned, or if the
user has no select privilegie for that record, the record was not returned
from the server like if the record was on an uncommited transaction...
Or this is insane ? Too much overhead ? ;-)
Alexandre Benson Smith
Development
THOR Software e Comercial Ltda.
Santo Andre - Sao Paulo - Brazil
www.thorsoftware.com.br
----------
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.437 / Virus Database: 245 - Release Date: 06/01/2003
[Non-text portions of this message have been removed]
> > I think a little different...If the data should be keep secret, I agree with you, encript it using
>...
> > think it's your data but customer data) in a simple and easy way.
>
>Under normal circumstances I would fully agree with you. I love integrating
>systems and have a system that shares its data is brilliant. But ( theres
>always a but :0) ) the application may be used by more than one person on
>the same machine and the data that is stored is confidential per user. So
>for example person A is a software developer who knows about Interbase.
>Person B uses person A machine and thus uses the same application and
>database. Person A falls out with Person B and knows that the data stored in
>the database for Person B can seriously damage them so uses the SYSDBA
>username and looks at Person B records.
user/password (or anything relative to the user who can read the data like
department, function, etc.) as the key for your crypt routine !
But, (always have a but...) if you use encrypted data, you will have
problems when using 3rd party software (like Crystal Reports or other data
analisys tools).
Firebird developers....
Are a good feature have record encryption based on user or roles ?
Or permissions (select, update, delete) on records based on
users/groups/roles ?
If a feature like this could be implemented will be transparent for the
client application, the server decrypt the data if the user has enough
privilegies, otherwise crypted (or null) values will be returned, or if the
user has no select privilegie for that record, the record was not returned
from the server like if the record was on an uncommited transaction...
Or this is insane ? Too much overhead ? ;-)
>...Hope that helps....
>Thanks for your help.
>
>Regards,
>Marcus.
Alexandre Benson Smith
Development
THOR Software e Comercial Ltda.
Santo Andre - Sao Paulo - Brazil
www.thorsoftware.com.br
----------
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.437 / Virus Database: 245 - Release Date: 06/01/2003
[Non-text portions of this message have been removed]