Subject | Re: Encryption |
---|---|
Author | Emil Totev |
Post date | 2009-06-17T06:43Z |
I remember seeing somewhere a suggestion that Firebird could already support page-level encryption by two user-defined functions to encode the page before writing it and decode it after reading. I guess this is the way to go without losing any engine functionality. Please if anyone has better memories or actual knowledge, comment on this.
A way to encrypt the database would be a very nice feature for Firebird, especially in the embedded usage case. I'm currently using TrueCrypt volumes, but I would prefer a native Firebird solution, even if not that professionally secure. The basic principle seems to be the same however - TrueCrypt encrypts on a block level, without trying to understand the file system data, so you could use different filesystems, and we need something to encrypt on a page level without trying to understand the database structure. At some point I was even thinking of using the TrueCrypt device as a raw device for the database, but this is not supported on Windows I think.
--- In firebird-support@yahoogroups.com, Aage Johansen <aagjohan@...> wrote:
>
> I believe encryption of Firebird databases has been discussed
> earlier, but I could not find anything in the RoadMap (from early 2008) -
> is there a later one?
>
> Now, the situation is that I may be required to provide encryption
> within the databases in the not-too-distant future. Don't ask why -
> it is decided so high up in government that people don't really know
> the consequences of their actions. They probably don't know what it
> is they really want to accomplish either, but think encryption will
> be the solution (end of rant).
>
> This may mean that without the ability to encrypt the database (or
> fields in the tables) we could find that Firebird is no longer a
> viable option. Sigh. The encryption facilities don't have to be
> provided by the Fb project - a third party solution would be
> acceptable (if it were at all possible). Encrypted backups will
> probably be a must. Encrypted communication as well (ZeBeDee might
> solve this). Disc encryption will not do (as far as I have
> heard). I haven't seen the actual requirements yet so the above may
> be a little fuzzy.
>
> Any thoughts/consolation/comments welcome.
>
> --
> Aage J.
>