| Subject | Re: [firebird-support] Crypting data |
|---|---|
| Author | peter@cyionics.com |
| Post date | 2003-11-20T08:36:44Z |
Hi Uwe
I also use several levels of keys but I also encrypt my main application to prevent reverse engineering and access to any fixed keys.
You can also overwrite the source for the stored procedures in the system tables so that users cannot access that part.
I store some high value data which is worth real cash and I only encrypt keys and important data fields, there is also a variable key which is different for each site and is downloaded from the main server at registration / install time.
There is lots you can do and probably authentication the rights to run the application are just as important.
Rgds
Peter
I also use several levels of keys but I also encrypt my main application to prevent reverse engineering and access to any fixed keys.
You can also overwrite the source for the stored procedures in the system tables so that users cannot access that part.
I store some high value data which is worth real cash and I only encrypt keys and important data fields, there is also a variable key which is different for each site and is downloaded from the main server at registration / install time.
There is lots you can do and probably authentication the rights to run the application are just as important.
Rgds
Peter
----- Original Message -----
From: Uwe Oeder
To: firebird-support@yahoogroups.com
Sent: Thursday, November 20, 2003 7:17 AM
Subject: Re: [firebird-support] Crypting data
Would you please share any information you get as I am also very interested
in this matter. As I have to develop an application that uses an embedded
server and distribute it to thousands of clients who may view the read-only
data but may not get access to the tables. And as far as I understand if
you can get the database file you can easily gain access to it.
>Hi All,
>
>If someone can access to database file and have password, he/she can view
>data inside.
>
>I want to build an application which has embedded an encryption key and
>all data stored in firebird db is encrypted using this key.
>So, anymore has access to the db file will only see junk.
>
>Has anyone done so, like building an encryption layer between the app and
>the db?
>
>Issue concern:
>1) Performance issue as all data transfer need encryption and decryption.
>2) Data type - encrypted currency might look like *yw>9)q01. How to store
>them? All varchar fields?
>
>Thanks.
>
>cm
>
>
>---------------------------------
>Want to chat instantly with your online friends? Get the FREE Yahoo!Messenger
>
>[Non-text portions of this message have been removed]
>
>
>
>To unsubscribe from this group, send an email to:
>firebird-support-unsubscribe@yahoogroups.com
>
>
>
>Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
Yahoo! Groups Sponsor
ADVERTISEMENT
To unsubscribe from this group, send an email to:
firebird-support-unsubscribe@yahoogroups.com
Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.
[Non-text portions of this message have been removed]