Subject | Re: [firebird-support] Re: Undocumented internal encrypt/decrypt in FB |
---|---|
Author | Dmitry Yemanov |
Post date | 2007-07-17T08:31:59Z |
PenWin wrote:
> The key providing mechanism is also in-place in the codebase.
> As I understand it, the main issue here is providing Firebird with
> per-connection encryption key, as it is obviously worthless to build it
> right into the executable, correct?
> Firebird itself could reasonably claim security ("we are using
> as-yet-unbroken AES, with the key supplied by the user at connection time")

Will you hardcode the key into your executable? Do you think it's really
robust?
I agree that what you propose can be done easily but it would satisfy
the fbembed users only. Those who have a standalone FB installation would
prefer a server-side centralized key management plus network protocol
encryption. And I'm afraid that the "quick" design done right now could
defeat the more generic security scheme design.
You may find the related description here:
http://tech.groups.yahoo.com/group/Firebird-Architect/message/8842
Dmitry