Subject Re: Undocumented internal encrypt/decrypt in FB
Author Andreas Pohl
Hi Geoff,

--- In firebird-support@yahoogroups.com, Geoff Worboys <geoff@...> wrote:
> To the best of my knowledge TrueCrypt works as designed, but
> that does not automatically make it a perfect security system.

I have been using a solution for years that combines copy protection and
encryption. So I use a solution from my dongle distributor [1] that is
limited to Windows-only systems and server installations of FB:

1. Patching fbserver.exe to run only if dongle is available
2. As an additional option, the patched fbserver.exe only works
with encryption in I/O processes with special/all file extensions
3. Open a database with an extension that is marked as unencrypted and
back it up to a database with an extension that is marked for encryption.
4. Restore backup file with "encrypted" extension
5. Deliver to the customer an fbserver.exe with no chance to produce
unencrypted databases

Benefit:

- Nothing to change in code or database
- No performance penalties
- All tools/UDFs etc. work with databases maintained with the
patched fbserver.exe
- Very robust and easy to maintain system
- Copy protection of main application is not needed: I use copy
protection and encryption of firebird instead
- Because of encryption of security.fdb there is no way to "change"
the sysdba account outside my app if you are not able to produce a
working security.fdb with known account data.
- Copied databases are unreadable on fbserver systems without patched
version of fbserver.exe ( which needs a present dongle ).
- I use it for a CRM solution in mobile environment (notebooks for
field staff/sales force).

Drawbacks:

- Needs additional hardware ($50 per installation)
- Needs additional driver installation
- Only Windows server installations are supported

[1] http://tinyurl.com/3dvsuh

--
Andreas