On 04/25/2016 11:28 AM, Emil Totev wrote:
> How difficult would it be to get the user password to the encryption /
> key holder plugin, especially for an embedded connection?

I will start with the simplest part - the embedded connection. As far as
I understand, you are asking about the password which is used to log in to
the server (isc_dpb_password). Unfortunately the question makes no sense -
for an embedded connection a password is not needed at all and no
authentication plugin is used (even when a password is present in the DPB
it's just ignored). On the other hand, it's not too hard to add code to the
Firebird engine that passes the isc_dpb_password value to the key holder
plugin (as one of the keys, for example). But that hardly makes much sense
in my mind.

As for the remote case - passing the password in the current state of the
code is close to impossible. The password NEVER travels over the wire
(except for legacy authentication). Certainly one can write a plugin which
will send the password from client to server, but that's definitely a very
bad idea from a security POV. Certainly a trick similar to the embedded one
can help (and the password will be sent over an already encrypted line in
that case), but I'm afraid that's not quite what you were asking about.

> If possible
> at all, would this require new authentication plugin or key holder
> plugin or both?

A new key holder plugin and some changes in its interfaces.

> Applications using embedded connections would benefit most from
> database encryption, and using the password (which can be supplied,
> but is not used for authentication) for this seems to be an easy way
> to seamlessly integrate it.

Don't think so. Sending a key (the password will be a key in this case,
yes?) in the DPB is the best way to help a malicious user steal it.


Firebird-Devel mailing list, web interface at 
https://lists.sourceforge.net/lists/listinfo/firebird-devel