On 8/27/18 1:52 PM, Adriano dos Santos Fernandes wrote:
> On 27/08/2018 06:15, Alex Peshkoff via Firebird-devel wrote:
>> In firebird4 we have improved the hash() function in order to make it
>> support various kinds of hashes. But except hashes there are a lot of
>> other crypto-related tasks that may be useful to execute directly from
>> SP & triggers. Does it make sense to add functions (maybe UDR?) for
>> signing something and verifying that sign or various cyphers to
>> encrypt/decrypt data? Please pay attention that a database (especially
>> an encrypted one) is not a bad place to store various keys in it.
>
> Why would we add *User* Defined Routines with non core functionality?
> IMO sometimes it is better to let users create their extensions, or create
> them in side projects.
> But if a functionality is decided to be created in the engine, then it's
> better to write it as a system package using the internal engine (created
> in time zones branch).

I have to admit that the initial idea to use non-builtin functions (no
matter - as UDRs or in a system package) for crypt support seems to
seriously limit possible implementation. The reason is missing functions
with varying parameter datatype and varying number of parameters. First,
functionality is needed in encryption using symmetric block & stream
ciphers (one can provide data to be encrypted as blob or varbinary) and
hashes (current builtin hashes can work with any field). Next, when
dealing with hashes there is a strong desire to be able to get a hash not of
only a single value - i.e. HASH (value USING SHA1) - but extend it to
HASH(val1, val2, ..., valN USING SHA1). And this is also impossible for
non-builtins.

Therefore I tend to expand the set of builtin functions with approximately
15 crypt-related functions as a minimal set (symmetric ciphers in
various modes support, stream ciphers, RSA sign&crypt, checksums (crc32)).
Firebird-Devel mailing list, web interface at
https://lists.sourceforge.net/lists/listinfo/firebird-devel
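
Added example, not part of the thread and not Firebird code: a multi-argument HASH(val1, val2, ..., valN USING SHA1) as proposed above has to define how the N values are fed to the hash, which the message does not specify. This Python code compares plain concatenation with a length-framed encoding; the function names are hypothetical, and it assumes each argument is a byte string or None (standing in for SQL NULL).

```python
import hashlib
import struct

# Assumption: every argument arrives as bytes, or None for SQL NULL.


def hash_concat(values, algo="sha1"):
    """Hash the plain concatenation of the arguments (NULL adds nothing)."""
    h = hashlib.new(algo)
    for v in values:
        if v is not None:
            h.update(v)
    return h.hexdigest()


def hash_framed(values, algo="sha1"):
    """Hash an injective encoding: the argument count, then per argument a
    NULL/non-NULL tag byte and, for non-NULL, a 4-byte big-endian length."""
    h = hashlib.new(algo)
    h.update(struct.pack(">I", len(values)))
    for v in values:
        if v is None:
            h.update(b"\x00")
        else:
            h.update(b"\x01" + struct.pack(">I", len(v)) + v)
    return h.hexdigest()


def collides(fn, a, b):
    """True when two different argument lists produce the same digest."""
    return fn(a) == fn(b)


# Constructed sample argument lists: each pair differs as a list of values.
PAIRS = [
    ([b"ab", b"c"], [b"a", b"bc"]),   # boundary between values moved
    ([b"a", None], [b"a", b""]),      # NULL versus empty string
    ([b"abc"], [b"abc", b""]),        # different number of arguments
]

if __name__ == "__main__":
    for a, b in PAIRS:
        print(a, b,
              "concat collides:", collides(hash_concat, a, b),
              "framed collides:", collides(hash_framed, a, b))
```

With plain concatenation all three constructed pairs hash to the same digest, so the digest cannot serve as a fingerprint of a row or a tuple of fields; the framed form keeps them distinct.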