Subject | Firebird encryption (Re: [firebird-support] Firebird embedded?) |
---|---|
Author | Lauchlan Mackinnon |
Post date | 2005-06-26T03:14:50Z |
Hi Alan,
> please read this carefully http://www.firebirdsql.org/index.php?op=doc&sub=contrib&id=fb_meta_security
>
Thanks for the link.
Some questions:
1.)
<<
While Firebird itself provides no built-in encryption features there are
some excellent products that do. You could install software that creates an
encrypted volume on your computer and locate the database file (and any
other confidential data) on that volume. When the computer is shut down all
data exists in an encrypted file and cannot be accessed without the key.
When you start the computer you have to mount the encrypted volume and
supply the secret key before the data can be accessed. This additional, and
necessarily manual, step in the start up process may be inconvenient but it
can provide excellent security for unattended computer systems.
Software with these capabilities includes: "Bestcrypt" from Jetico
(www.jetico.com) and "PGPDisk" (www.pgpi.org/products/pgpdisk/ - note that
this link goes to an old freeware version, that site has links to newer
commercial versions of the product). There are others but these are two that
I have used myself.
>>
How well do these solutions work? Does anyone have experience with them?
2.)
<<
Before the database could be accessed the secret key would need to be
supplied. Giving the decryption key to the user would be pointless, simply
bringing us back to the original problem. So, presumably, whenever the
customer restarts the server, they would call the developer, who would then
dial in and enter the needed key. Even if this were practicable, it is not
necessarily going to solve the problem. For example, the customer could
install some monitoring software on their server to detect the key as it is
entered.
...
Firebird is an open source product. If the encryption facilities were built
in, or open source plug-in libraries were used, it would be feasible for
users to build their own versions of the server or plug-in that not only
performed the necessary encryption and decryption to access the protected
database but also output the key, or simply output the decrypted details
directly. The developer, not being in control of the server, can neither
detect nor prevent such activity.
You might consider building your own version of the Firebird server with the
decryption key hidden in the executable. However, decompilers are available.
It would not take long to discover the key simply by comparing the
decompiled versions of your custom Firebird build with the normal,
unencrypted version.
>>
I'm not sure I agree with this analysis ... it depends what level of
security you are pursuing. Firstly, if you want the highest level of
security, you could use SSL and send the client certificate by courier.
Secondly, if you don't need the highest level of security but still need
encryption etc, you could choose which encryption algorithm etc to use, and
the key, and have this hidden in the executable, and use a product such as
IonWorx secure code (http://www.ionworx.com/SecureCode.html) to protect
against reverse engineering.
While the product could be reverse engineered by someone with enough time
and experience, it could not be easily done, and there would be some effort
and skill required.
But if real security is required, there is the SSL option. I guess if real
security is required, at the end of the day SSL or equivalent is required.
What are the plans for security/encryption in FB2?
Thanks!
Lauchlan Mackinnon
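
The quoted analysis says a key hidden in a custom server build can be found by comparing that build with the stock one. As an added example (not part of the original post or of the Firebird project), this Python check runs that comparison on two constructed byte strings, so a developer can see what anyone holding both builds would see. The sample "builds", the key and all function names are constructed for illustration.

```python
import difflib
import math
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; 32 distinct bytes score the maximum of 5.0."""
    counts = Counter(data)
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts.values())

def added_regions(stock: bytes, custom: bytes, min_len: int = 16):
    """(offset, bytes) for runs that exist only in the custom build."""
    sm = difflib.SequenceMatcher(None, stock, custom, autojunk=False)
    return [(j1, custom[j1:j2])
            for tag, _i1, _i2, j1, j2 in sm.get_opcodes()
            if tag in ("insert", "replace") and j2 - j1 >= min_len]

def likely_key_material(stock: bytes, custom: bytes, min_entropy: float = 4.5):
    """Added regions whose byte distribution looks random, as a key does."""
    return [(off, blob) for off, blob in added_regions(stock, custom)
            if shannon_entropy(blob) >= min_entropy]

# Constructed sample data: a stand-in "stock" binary of 40 distinct records,
# and a "custom" build with a version tag and a 32-byte key spliced in.
STOCK = b"".join(b"func_%04d:\x55\x8b\xec\xc3" % i for i in range(40))
TAG = b"CUSTOM-BUILD-CUSTOM-BUILD-CUSTOM"
KEY = bytes((i * 37 + 11) % 256 for i in range(32))  # constructed, not a real key
CUSTOM = STOCK[:140] + TAG + STOCK[140:350] + KEY + STOCK[350:]

if __name__ == "__main__":
    for off, blob in added_regions(STOCK, CUSTOM):
        print(f"added at {off:#06x}: {len(blob)} bytes, "
              f"entropy {shannon_entropy(blob):.2f}")
    for off, blob in likely_key_material(STOCK, CUSTOM):
        print(f"probable key at {off:#06x}: {blob.hex()}")
```

Only two regions differ between the builds, and the entropy filter separates the readable tag from the key, which is why obfuscation raises the effort required without removing the key from the executable.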