> On 04/04/2012 10:32, Vlad Khorsun wrote: >>> On 04/04/2012 10:14, Vlad Khorsun wrote: >>>>> Getting half-crypted DB copy is something too exotic :-) >>>> Physical backup is "physical backup", i.e. page-level copy of a >>>> database. It have >>>> nothing common with encryption state, and i see no problem if physical >>>> backup of >>>> half-encrypted database is also half-encrypted. For the paranoid admins we >>>> can make >>>> option in nbackup to encrypt pages before writting them into backup (of >>>> course file >>>> system copy will be half-encrypted, but admins are informed and have a >>>> choice). >>>> >>>> I see no reason to disallow backup's while encryption is in progress. >>>> >>>> >>> And what about the contrary? >>> >>> If database is in backup-mode and you start encryption, original >>> database will be maintained unencrypted >> Yes >> >>> and it will be rewritten encrypted in the delta file? >> Delta file will contain encrypted pages, yes. And at the merge step >> they will go to >> database file. >> >>> Then whole delta file will be rewritten to the database when backup ends? >> At merge step - sure. >> >>> Sounds not wise. >> What the problem ? While "encryption in progress" state we anyway have >> part of >> database encrypted and other part non-encrypted. Why physical backup confused >> you ? >> >> > It don't "confuse me". It's just dumb.
Hmm... > You ask for encryption, but a file is maintained unencrypted, and it > will be reported as encrypted (cause header page was rewritten in delta). You refer to the case, when encryption is finished while physical backup is in progress ? >From the logical POV, database is *really* encrypted in this case. Because >database is database file *plus* delta file. If you look at database file only, you look not at database but at backup of level 0 at most. > It will rewrite data two times (encrypt in delta, merge delta), and > since the main file is maintained unencrypted until the merge, it's just > dumb. Do you have better idea ? Disable backup is a smart ? Note, nobody forced DBA to make encryption and physical backup at the same time. BTW, are you going to disable sweep, for example, while physical backup is active ? ;) > Considering that backup is happening doing more IO, it will just slow > things down for no reason. There is reason : sometime backup *must* be made despite of all else. If DBA can live without backup, it should not run it while database is not finished encryption process. > The only reason to accept this scenario is that it will work > automatically, but as I said, it's not wise. I still see no reason to disable something just because it is not effective. Sometime efficiency is not a primary goal and could be sacrified by security. This is DBA who run backup and this is DBA who run encryption. Our task is to document how operation should be made and to warn about possible issues. Regards, Vlad ------------------------------------------------------------------------------ Better than sec? Nothing is better than sec when it comes to monitoring Big Data applications. Try Boundary one-second resolution app monitoring today. Free. http://p.sf.net/sfu/Boundary-dev2dev Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel