> Financial requirements are that the data can only be read by
> appropriate people and the system DBA is not (usually) one
> of them. The DBA can access the data using any tools
> available, but must only see encrypted values.

This is a common problem - few businesses fully appreciate just
how visible their data is to the system administrators and
support personnel (often from other companies).

Even your solution can be quite vulnerable: lots of study goes
into retrieving data based on context; the ability to obtain
copies of encrypted data over time can be used to help break
the encryption; key management with inexperienced users can be
a big problem.

And, of course, your solution limits what can be done using
server based processing - a major requirement for applications
using client/server systems like Firebird.


But despite the limitations and vulnerabilities it can be that
client-based encryption is required to solve some problems,
particularly in larger, very tightly managed, environments.
My experience with small business suggests that they will
remain dependent on the honesty of their system administrators
(the administrators will probably already know the passwords
and keys of many users... I have found that users just blurt
them out assuming you will have to know before you can help).

--
Geoff Worboys
Telesis Computing