|Subject||Re: Undocumented internal encrypt/decrypt in FB|
--- In email@example.com, Geoff Worboys <geoff@...> wrote:
> To the best of my knowledge TrueCrypt works as designed, but
> that does not automatically make it a perfect security system.
I'm using a solution for years that's combining copy protection and
encryption. So I use a solution of my dongle distributor  that is
limited to windows only system and server installation of FB:
1. Patching fbserver.exe to run only if dongle is available
2. As an additional option patched fbserver.exe is only working
with encryption in i/o-processes with special/all file extensions
3. Open a database with extension that is marked as unencrypted and
backup it to a database with extension that is marked for encryption.
4. Restore backup file with "encrypted" extension
5. Deliver to costumer a fbserver.exe with no chance to produce
- Nothing to change in code or database
- No performance penalties
- All tools/udf etc. are working with databases maintained with
- Very robust and easy to maintain system
- Copy protection of main application is not needed: I use copy
protection and encryption of firebird instead
- Because of encryption of security.fdb there is no way to "change"
sysdba account outside my app if you are not able to produce a
working security.fdb with known account datas.
- Copied databases are unreadable on fbserver systems without patched
version of fbserver.exe ( which needs a present dongle ).
- I use it for a CRM solution in mobile environment (notebooks for
field staff/sales force).
- Needs additional hardware ($50 per installation)
- Needs additional driver installation
- Only windows server installations are supported