On 11/30/11 23:37, Carlos H. Cantu wrote:
> AdSF> If anyone writes it and distributes it, it's easy for anyone. And it's not
> AdSF> difficult to write it.
>
> Maybe it is not difficult for core developers, but I don't think any of
> you will spend time with such thing, uh?
>
>>> Things will get better when crypto plugins and local users become a
>>> reality for FB.
>>>
>>>
> AdSF> I don't think it will. You see case above.
>
> If the DB is encrypted and there are local users, I suspect the chances of
> someone stealing it and being able to check the procedure code are very low.

Well, this depends upon where the crypt key is stored. It's possible to
build a scheme with which one can crypt a database in a relatively safe way
(i.e. it will be hard to steal the DB even having file-level access to it).
To be precise, it is as safe as the key stored in the application. If
anyone finds a way to steal that key from the application, the database is
not protected any more. That's based upon checking the hash of the loaded
firebird embedded library, where the application passes (or not, if the hash
does not match) the crypt key. The best thing in this approach is that not
only the SQL code, but also the data can't be used without an application
which knows the key.

Unfortunately, that does not work for remote access. Even if we use a
kind of safe, encrypted channel to talk to the server and pass the key to
it, how can we avoid someone installing another copy of the server, which
will dump the passed "secret" key?

Returning to source dropping. I agree with Adriano - as soon as such a
re-compiler is written (and this is not too hard a thing to do),
converting BLR to SQL is trivial. Therefore let's better say that we
save space, used by source BLOBs in the database, using the 'drop source'
command :-) This at least does not make us responsible for anyone using
such "security".



Firebird-Devel mailing list, web interface at 
https://lists.sourceforge.net/lists/listinfo/firebird-devel
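
The local scheme described in the message above (the application hashes the embedded library and passes the crypt key only on a match), as an added sketch that is not part of the original post or of Firebird's code. `key_for_library`, its parameters and the sample bytes are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile


class LibraryMismatch(Exception):
    """The library file is not the build the application was shipped with."""


def file_sha256(path, chunk_size=65536):
    """Stream the file through SHA-256 instead of reading it in one go."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.digest()


def key_for_library(path, pinned_sha256, crypt_key):
    """Hypothetical gate: return crypt_key only if `path` matches the pinned hash."""
    try:
        actual = file_sha256(path)
    except OSError as exc:
        raise LibraryMismatch(f"cannot read {path}") from exc
    # Constant-time compare; a mismatch means a replaced or patched library.
    if not hmac.compare_digest(actual, pinned_sha256):
        raise LibraryMismatch(f"unexpected hash for {path}")
    return crypt_key


def demo():
    """Try a genuine, a patched and a missing library (all constructed)."""
    genuine = b"constructed stand-in for the embedded engine" * 64
    patched = genuine[:-1] + b"!"  # same length, one byte changed
    pinned, key = hashlib.sha256(genuine).digest(), b"constructed-demo-key"
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in (("genuine", genuine), ("patched", patched), ("missing", None)):
            path = os.path.join(tmp, name + ".so")
            if body is not None:
                with open(path, "wb") as fh:
                    fh.write(body)
            try:
                results[name] = key_for_library(path, pinned, key)
            except LibraryMismatch:
                results[name] = None
    return results
```

The gate only helps if the file that was hashed is the same one the process then loads; hashing by path and loading by path afterwards leaves a window in which the file can be replaced. The key still sits in the application's memory, so the protection is bounded by how well the application keeps it, as the message says.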