Subject | Re: Re: [firebird-support] Database Security |
---|---|
Author | Jim McKay |
Post date | 2004-01-06T04:49:23Z |
Hello Geoff Worboys:
======= At 2004-01-06, 14:47:00 Geoff Worboys wrote: =======
>>>Some people have requested that FB provide the ability to
>>>encrypt the database. But even if it did this you cannot
>>>protect the database from authorised users.
>
>> here here!
>
>>> You could obscure the decryption key inside the executable,
>
>> Usually, it's stored elsewhere... hardware or certificate/ASN
>> schemes for most part.
>
>> AFAIC, this is doable. It's also important:
>
>I am not clear what you mean here. Are you suggesting that
>such schemes could somehow assist in the original question
>(protecting against users accessing metadata)?

You mentioned to him that "some people" want native
db encryption, but "even if it did this you cannot
protect the database from authorised users."
Unless I mis-read you, I was left w/impression you suggest
that encrypted DB keys were easily accessible as matter of fact.
That's definitely not the case.
I responded to that.

>From the earlier "here here!" I am guessing you are simply
>clarifying the fact that my security by obscurity suggestion
>is not a good idea.

Well... no, I don't think it's very good idea.
But I wouldn't post just to tell you your idea sucked. <g>
For whatever reason, notion that someone may take to
heart idea that DB encryption is inherently insecure moved
me to speak. :)

>I was not trying to suggest that it was a properly secure
>implementation. In some limited circumstances security by
>obscurity can be enough to prevent uneducated users from
>tampering, just don't use it to hide your credit card details
>on the net ;-)

Again, I'm only speaking to notion of encrypting database in general.
There are 3rd party add ons that handle the task (although, probably
too pricey to make sense for FB users), and quite a few good papers
on the subject.
I probably should say DB encryption happens to be of major importance
for me. Most of our work these days is medical. The fastest, slickest,
fullest featured DB on the planet I couldn't use if there was no
encryption. I understand this is not primary concern for many.
For what it's worth, I've used StreamSecII encryption suite
quite a bit... mostly for middle tier RPC SSL/TLS implementation.
Excellent library. I'm pretty sure it could be used to build viable
DB encryption... secure keys and all. Not a trivial task, however.
>--= = = = = = = = = = = = = = = = = = = =
>Geoff Worboys
>Telesis Computing
Best regards.
Jim McKay
JMcKay@...
2004-01-05 20:02:46