Subject Re: [firebird-support] Re: how to protect DATA
Author Doug Chamberlin
At 01:13 PM 7/12/2007, jesus martinez wrote:
>We think that encrypting (obfuscating) the data is
>enough. The problem is how to do it with FB.
>Any idea?

I think you are fooling yourself if you think obfuscating will be enough.
It amounts to nothing in the end. But it's your choice, of course, because
only you can place the value on the hidden data.

Here's an idea:

Try using True Crypt to create an encrypted volume (in a file) that
is then distributed to your clients. The FB database lives inside this
encrypted volume. True Crypt is installed on the client machine along with
your application. Your app then invokes the command line interface to True
Crypt to mount the encrypted volume and make it available on a selected
drive letter. To accomplish this your app would have to create a process
and run the True Crypt program passing into it the appropriate parameters
including the pass phrase. While your app runs the volume is accessible but
when your app exits it tells True Crypt to dismount the volume.

Advantages: Uses off the shelf modules that are unchanged, involves minimal
programming, each step in the process can be checked/debugged
independently, protects the data completely if only the encrypted volume is
examined, minimizes exposure of the pass phrase, uses open source components

Disadvantages: Exposes the pass phrase during volume mounting, requires the
app store the pass phrase (unless you want to require the client to enter
it), forces the database to be accessed from an encrypted store which will
slow access, requires installation of an additional program, content of the
encrypted volume is exposed to view while your app is running
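
The mount, run, dismount sequence described in the message above, sketched as an added example; it is not code from the original post or from the True Crypt project. It assumes the Windows command-line switches of True Crypt (`/v`, `/l`, `/p`, `/q`, `/s`, `/d`); the install path, the volume path and all helper names are hypothetical.

```python
import subprocess
from contextlib import contextmanager

# Assumed install path; switches are True Crypt's Windows CLI:
# /v volume, /l drive letter, /p password, /q quit after action, /s silent, /d dismount
TRUECRYPT = r"C:\Program Files\TrueCrypt\TrueCrypt.exe"


def mount_args(volume, letter, passphrase):
    """Argument list that mounts `volume` on drive `letter` with no GUI."""
    # The pass phrase travels in the process argument list, so it is visible
    # to process-listing tools while the mount runs (the exposure noted above).
    return [TRUECRYPT, "/v", volume, "/l", letter, "/p", passphrase, "/q", "/s"]


def dismount_args(letter):
    return [TRUECRYPT, "/d", letter, "/q", "/s"]


def redact(args):
    """Copy of args that is safe to log: the value following /p is masked."""
    out = list(args)
    for i in range(len(out) - 1):
        if out[i] == "/p":
            out[i + 1] = "***"
    return out


@contextmanager
def mounted_volume(volume, letter, passphrase, run=subprocess.run, log=print):
    """Mount on entry and always dismount on exit, even if the body raises."""
    args = mount_args(volume, letter, passphrase)
    log("mount: " + " ".join(redact(args)))
    run(args, check=True)  # raises CalledProcessError on a non-zero exit code
    try:
        yield letter + ":\\"
    finally:
        # check=False so a dismount failure cannot mask the body's exception
        run(dismount_args(letter), check=False)
        log("dismount: " + letter)


if __name__ == "__main__":
    # Constructed demo values; the fake runner prints instead of executing.
    fake = lambda args, check: print("would run:", redact(args))
    with mounted_volume(r"C:\app\data.tc", "X", "constructed-pass", run=fake) as root:
        print("database reachable under", root)
```
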