Subject Re: [firebird-support] Re: Undocumented internal encrypt/decrypt in FB
Author Dmitry Yemanov
PenWin wrote:
>
> As I understand it, the main issue here is providing Firebird with
> per-connection encryption key, as it is obviously worthless to build it
> right into the executable, correct?

The key-providing mechanism is also in place in the codebase.

> Firebird itself could reasonably claim security ("we are using
> as-yet-unbroken AES, with the key supplied by the user at connection time")

Will you hardcode the key into your executable? Do you think it's really
robust?

I agree that what you propose can be done easily but it would satisfy
the fbembed users only. Those who have a standalone FB installation would
prefer a server-side centralized key management plus network protocol
encryption. And I'm afraid that the "quick" design done right now could
defeat the more generic security scheme design.

You may find the related description here:
http://tech.groups.yahoo.com/group/Firebird-Architect/message/8842


Dmitry