Hello Alex,
> To work with encrypted database file we need a tool to encrypt database.
> I see 3 possible solutions for it. In all 3 cases some plugin dependent
> parameter may be passed to plugin. In all cases one may use decrypt
> instead encrypt to make
>
> 1. ALTER DATABASE ENCRYPT WITH<PLUGIN_NAME> { ('PARAMETER') }
> This SQL implementation has one main advantage - it looks (I think) very
> native for SQL server.
>
> 2. gfix -encrypt<plugin> {-cryptpar<parameter>} database
> gfix passes plugin name and parameter in DPB, the rest of activity are
> like in database validation. This implementation looks like most simple
> to implement.
>
> 3. Use of special utility: fbdbcrypt -encrypt<plugin> {-cryptpar
> <parameter>} {-verbose} local-database
> Certainly, appropriate support in services will be present.
> This method looks ugly at first, but it has one great advantage -
> ability to have switch 'verbose' and let user watch progress with
> database encryption.
>
> I like method 3 best of all - long silent validation in gfix is
> definitely not good thing. With SQL it's also not clear how to make
> crypt report progress. But I'd like to know what do others think.
Have you had a look on how InterBase handles encryption (p. 207ff.)?
http://docs.embarcadero.com/products/interbase/IBXEUpdate3/DataDef.pdf
In InterBase it is AFAIK pure SQL and what also seems to be useful is
separating duties as there seems to be a special user SYSDSO. As far as
I can see, encryption in InterBase is only possible when Embedded User
Authentication is used. Anyway, I don't say that's the way to go, but
possibly worth to check for some ideas ...
I have two questions on Firebird encryption?
- I guess this all is transparent to the client?
- Is a backup, either via gbak or nbackup of an encrypted database
automatically encrypted as well?
Thanks,
Thomas
------------------------------------------------------------------------------
Better than sec? Nothing is better than sec when it comes to
monitoring Big Data applications. Try Boundary one-second
resolution app monitoring today. Free.
http://p.sf.net/sfu/Boundary-dev2dev
Firebird-Devel mailing list, web interface at
https://lists.sourceforge.net/lists/listinfo/firebird-devel
