Subject | Re: Undocumented internal encrypt/decrypt in FB |
---|---|
Author | Adam |
Post date | 2007-07-16T22:52:56Z |
> i also want to thanks to all of you that gave usNo, you were told that it was built in encryption was investigated but
> your points of view about the issue.
>
> unaffortunatelly what i got was this answer: forget
> the idea of having an encrypted FB at the moment,
> right ?
abandoned (for the moment) because of the problems of key management
and because of the existence of third party tools to solve the problem.
You can encrypt your data in two ways.
1. With your application before it hits the DBMS.
2. With a file system level encryption.
Even though YOU may not be trying to secure nuclear weapon access
codes, and for YOU, a simple XOR based obscurity is sufficient, if
Firebird claimed to offer built in encryption, you must understand why
it could not be so easily breakable if offered by a DBMS.
I use NTFS encryption on my laptop, and run the Firebird service under
an account that has access to the database (my account does not have
this access). I can not (without knowing the password and logging in
as the Firebird user etc) view the contents of that file.
Of course, as someone who knows the SYSDBA password, I can make a
backup and view that in a hex editor.
Adam