Subject Re: [firebird-support] Re: Embedded and "security"
Author Alexandre Benson Smith
kogerbnz wrote:
>> Basically, if you opt for the embedded model, the only way to protect
>> your database is by setting permissions on the database file.
>> If you want to delve deeper into this subject, here's a good paper
>> about Firebird security (HTML and PDF versions):
> Thanks for the link, it's a really good.
> In my case, I wish to base the encryption of a key only known by the
> user, that way I don't a problem with storing it on the computer.
> The application must run on Windows ME, so protecting the file using
> the OS is not possible.
> I think this gives me two options
> 1) Encrypt user data when I insert it into the database, and decrypt
> it on retrieval. That's not really practical for my use, because I
> would have to encrypt a lot of fields.

Take care about inequality and sort operations that won't work on
encrypted values.

> 2) Encrypt the whole database file. Since my database file will be
> pretty small, this should be possible. The only problem I see; is that
> the decrypted file has to be available somewhere while my application
> is running. If the application isn't closed correctly, the decrypted
> file is freely available.

Use a volume encryption software (like truecrypt), the file would be
available until de volume is mounted, but it has provision so umount the
volume after a period of inactivity, etc.

> Any comments on this? something I missed or misunderstood ;-)

see you !

Alexandre Benson Smith
THOR Software e Comercial Ltda
Santo Andre - Sao Paulo - Brazil