| Subject | Re: [firebird-support] Encrypt tables |
|---|---|
| Author | Doug Chamberlin |
| Post date | 2010-11-21T12:18:29Z |
On 11/20/2010 10:12 PM, W O wrote:
Some need the data encrypted in the database file, itself, while stored.
Others need the data encrypted while it is in use, such as when it is
being transmitted between the storage engine and the application. Some
need both. Some need the data structure of the database to be hidden
from legitimate users and others need data in selected tables to be hidden.
Satisfying all these needs using a design that is correctly implemented
is hard. Some say impossible. What I think everyone agrees on is that
when dealing with security, if one part of the solution is flawed, even
in a minor way, then the whole solution fails and that having no
solution is better than having one that you have false confidence in.
Other databases have "less than secure" implementations of encryption
and we do not want Firebird to join them just to have "encryption"
checked off on its feature list.
If you want to contribute to this discussion then the firebird-architect
mailing list is the place to do it at this point.
--
Cheers! Doug C.
--
> [Encryption] would be nice and very useful.I agree. However, be aware that this is a multifaceted and complex area.
Some need the data encrypted in the database file, itself, while stored.
Others need the data encrypted while it is in use, such as when it is
being transmitted between the storage engine and the application. Some
need both. Some need the data structure of the database to be hidden
from legitimate users and others need data in selected tables to be hidden.
Satisfying all these needs using a design that is correctly implemented
is hard. Some say impossible. What I think everyone agrees on is that
when dealing with security, if one part of the solution is flawed, even
in a minor way, then the whole solution fails and that having no
solution is better than having one that you have false confidence in.
Other databases have "less than secure" implementations of encryption
and we do not want Firebird to join them just to have "encryption"
checked off on its feature list.
If you want to contribute to this discussion then the firebird-architect
mailing list is the place to do it at this point.
--
Cheers! Doug C.
--