| Subject | Re: [firebird-support] Re: how to protect DATA |
|---|---|
| Author | Doug Chamberlin |
| Post date | 2007-07-13T00:03:27Z |
At 01:13 PM 7/12/2007, jesus martinez wrote:
It amounts to nothing in the end. But it's your choice, of course, because
only you can place the value on the hidden data.
Here's an idea:
Try using www.truecrypt.com to create an encrypted volume (in a file) that
is then distributed to your clients. The FB database lives inside this
encrypted volume. True Crypt is installed on the client machine along with
your application. Your app then invokes the command line interface to True
Crypt to mount the encrypted volume and make it available on a selected
drive letter. To accomplish this your app would have to create a process
and run the True Crypt program passing into it the appropriate parameters
including the pass phrase. While your app runs the volume is accessible but
when your app exits it tells True Crypt to dismount the volume.
Advantages: Uses off the shelf modules that are unchanged, involves minimal
programming, each step in the process can be checked/debugged
independently, protects the data completely if only the encrypted volume is
examined, minimizes exposure of the pass phrase, uses open source components
Disadvantages: Exposes the pass phrase during volume mounting, requires the
app store the pass phrase (unless you want to require the client to enter
it), forces the database to be accessed from an encrypted store which will
slow access, requires installation of an additional program, content of the
encrypted volume is exposed to view while your app is running
>we think that encrypting (ofuscating) the data isI think you are fooling yourself if you think obfuscating will be enough.
>enought. the problem is how to do it with FB.
>
>any idea ?
It amounts to nothing in the end. But it's your choice, of course, because
only you can place the value on the hidden data.
Here's an idea:
Try using www.truecrypt.com to create an encrypted volume (in a file) that
is then distributed to your clients. The FB database lives inside this
encrypted volume. True Crypt is installed on the client machine along with
your application. Your app then invokes the command line interface to True
Crypt to mount the encrypted volume and make it available on a selected
drive letter. To accomplish this your app would have to create a process
and run the True Crypt program passing into it the appropriate parameters
including the pass phrase. While your app runs the volume is accessible but
when your app exits it tells True Crypt to dismount the volume.
Advantages: Uses off the shelf modules that are unchanged, involves minimal
programming, each step in the process can be checked/debugged
independently, protects the data completely if only the encrypted volume is
examined, minimizes exposure of the pass phrase, uses open source components
Disadvantages: Exposes the pass phrase during volume mounting, requires the
app store the pass phrase (unless you want to require the client to enter
it), forces the database to be accessed from an encrypted store which will
slow access, requires installation of an additional program, content of the
encrypted volume is exposed to view while your app is running