Subject Re: [firebird-support] Re: Embedded and "security"
Author Alexandre Benson Smith
kogerbnz wrote:
>> Basically, if you opt for the embedded model, the only way to protect
>> your database is by setting permissions on the database file.
>> If you want to delve deeper into this subject, here's a good paper
>> about Firebird security (HTML and PDF versions):
>>
>> http://www.firebirdsql.org/manual/fbmetasecur.html
>> http://www.firebirdsql.org/pdfmanual/Firebird-Security.pdf
>>
>
> Thanks for the link, it's really good.
>
> In my case, I wish to base the encryption on a key only known by the
> user, that way I don't have a problem with storing it on the computer.
> The application must run on Windows ME, so protecting the file using
> the OS is not possible.
> I think this gives me two options
>
> 1) Encrypt user data when I insert it into the database, and decrypt
> it on retrieval. That's not really practical for my use, because I
> would have to encrypt a lot of fields.
>

Take care about inequality and sort operations that won't work on
encrypted values.


> 2) Encrypt the whole database file. Since my database file will be
> pretty small, this should be possible. The only problem I see is that
> the decrypted file has to be available somewhere while my application
> is running. If the application isn't closed correctly, the decrypted
> file is freely available.
>

Use volume encryption software (like TrueCrypt); the file would be
available until the volume is mounted, but it has a provision to unmount the
volume after a period of inactivity, etc.

> Any comments on this? something I missed or misunderstood ;-)
>

see you !

--
Alexandre Benson Smith
Development
THOR Software e Comercial Ltda
Santo Andre - Sao Paulo - Brazil
www.thorsoftware.com.br
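
The warning above about inequality and sort operations on encrypted values, shown as an added example that is not part of the original message. Assumptions: SQLite stands in for the embedded Firebird database, the HMAC-based keystream is a standard-library stand-in for a real authenticated cipher such as AES-GCM, and the table, names, salt and passphrase are constructed.

```python
import hashlib, hmac, os, sqlite3

NAMES = ["Alice", "Bob", "Carol", "Dave", "Erin", "Frank", "Grace", "Heidi"]  # constructed

def derive_key(passphrase, salt):
    # Key is derived from a passphrase only the user knows; it is never stored.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000)

def _xor_stream(key, nonce, data):
    # Stand-in cipher (assumption): HMAC-SHA256 in counter mode as a keystream.
    stream = b""
    for ctr in range(len(data) // 32 + 1):
        stream += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt(key, text):
    nonce = os.urandom(16)  # fresh per value, so equal plaintexts differ on disk
    return nonce + _xor_stream(key, nonce, text.encode())

def decrypt(key, blob):
    return _xor_stream(key, blob[:16], blob[16:]).decode()

def demo(passphrase="constructed passphrase"):
    key = derive_key(passphrase, b"constructed-salt")
    db = sqlite3.connect(":memory:")  # SQLite stands in for the embedded database
    db.execute("CREATE TABLE person (id INTEGER PRIMARY KEY, name BLOB)")
    db.executemany("INSERT INTO person (name) VALUES (?)",
                   [(encrypt(key, n),) for n in NAMES])
    # ORDER BY and >= run on ciphertext bytes: the engine cannot see the names.
    by_engine = [decrypt(key, r[0]) for r in
                 db.execute("SELECT name FROM person ORDER BY name")]
    in_range = [decrypt(key, r[0]) for r in
                db.execute("SELECT name FROM person WHERE name >= ?",
                           (encrypt(key, "D"),))]
    # What works: fetch everything, decrypt, then sort and filter in the app.
    plain = sorted(decrypt(key, r[0]) for r in db.execute("SELECT name FROM person"))
    return by_engine, in_range, plain, [n for n in plain if n >= "D"]

if __name__ == "__main__":
    by_engine, in_range, plain, wanted = demo()
    print("ORDER BY on ciphertext:", by_engine)
    print("WHERE >= 'D' on ciphertext:", in_range)
    print("decrypt then sort:", plain)
    print("decrypt then filter:", wanted)
```

Because each value gets a random nonce, the engine-side order and range result change from run to run, while the decrypt-then-sort results stay correct.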