Subject Re: [firebird-support] Re: Encryption and changing laws
Author willy.bojit@btinternet.com
>> Financial requirements are that the data can only be read by
>> appropriate people and the system DBA is not (usually) one
>> of them. The DBA can access the data using any tools
>> available, but must only see encrypted values.



>This is a common problem - few businesses fully appreciate just
>how visible their data is to the system administrators and
>support personnel (often from other companies).



>Even your solution can be quite vulnerable: lots of study goes
>into retrieving data based on context; the ability to obtain
>copies of encrypted data over time can be used to help break
>the encryption; key management with inexperienced users can be
>a big problem.


(A bit off topic; sorry Helen) I do not claim that my solution is perfect, only that it meets certain requirements. The key thing is to read and understand the requirements at the outset.

Most financial systems will now require this as a minimum.

Back on topic, but on another tack, MS SqlServer allows for encryption of stored procedure statements. From a developer's perspective, this is a great benefit and one which I would love to see in Firebird. It is in fact one of only two reasons where I prefer SQLServer. There are of course other reasons for where I prefer Firebird.

wb