Subject Re: Undocumented internal encrypt/decrypt in FB
Author Andreas Pohl
--- In firebird-support@yahoogroups.com, Alexandre Benson Smith
<iblist@...> wrote:
> I am sorry, but I think you are wrong, or I missed something.
>
> gbak is a client app as any other.
>
> it asks fbserver that read the encrypted file, and send *unencrypted
> data* to the client... if the server sends encrypted data to the
client,
> then client was unable to see anything useful.

I use standard gbak to produce an encrypted db via restore from a
decrypted backup file and vice versa. This is not only working in
theorie...

And as an additional approach there is an db owner <> sysdba with a
password stored on the dongle. Nobody outside my environment knows a
valid username/password combination (and within my app I use a
two-phase-login with "silent login" of db owner first).. So, even if
you have physical access to all areas of the pc with available dongle
and with tools and knowledge of firebird security system you have to
know db owner/user and valid password to produce a decrypted copy of db.

--
Andreas