Re: [Firebird-devel] tool for encrypting database initially (and probably decrypting it)

2012-04-03 Thread Vlad Khorsun
> Hello, Vlad! > > Tuesday, April 3, 2012, 2:36:23 PM, you wrote: > >>> Because I consider decryption as a "single-user" operation. Seems you >>> want people to work with DB while it is being encrypted. > > VK> Of course ! "single-user" operations is BAD in *multi-user* software, > let not

Re: [Firebird-devel] tool for encrypting database initially (and probably decrypting it)

2012-04-03 Thread Vlad Khorsun
- Original Message - From: "Dmitry Kuzmenko" To: "For discussion among Firebird Developers" Sent: Tuesday, April 03, 2012 1:52 PM Subject: Re: [Firebird-devel] tool for encrypting database initially (and probably decrypting it) > Hello, Vlad! > > Tuesday, April 3, 2012, 2:36:23 PM, you

Re: [Firebird-devel] tool for encrypting database initially (and probably decrypting it)

2012-04-03 Thread Dmitry Kuzmenko
Hello, Alex! Tuesday, April 3, 2012, 2:13:32 PM, you wrote: AP> But there is another important usage. It's a case, when databases are AP> distributed pre-filled with some important data, and authors wish to AP> make sure that only application, written by them, can access such AP> database. In thi

Re: [Firebird-devel] tool for encrypting database initially (and probably decrypting it)

2012-04-03 Thread Dmitry Kuzmenko
Hello, Vlad! Tuesday, April 3, 2012, 2:36:23 PM, you wrote: >> Because I consider decryption as a "single-user" operation. Seems you >> want people to work with DB while it is being encrypted. VK> Of course ! "single-user" operations is BAD in *multi-user* software, let not VK> create one m

Re: [Firebird-devel] tool for encrypting database initially (and probably decrypting it)

2012-04-03 Thread Alex Peshkoff
On 04/03/12 14:36, Vlad Khorsun wrote: Pages itself does not need that flags - they are being written in atomic way, so they can't be "in progress". >> VK> This flag is *required* to distinguish encrypted pages. I don't >> understand >> VK> why do you object it. >> >> Because I cons

Re: [Firebird-devel] tool for encrypting database initially (and probably decrypting it)

2012-04-03 Thread Vlad Khorsun
>>> Pages itself does not need that flags - they are being written >>> in atomic way, so they can't be "in progress". > > VK> This flag is *required* to distinguish encrypted pages. I don't > understand > VK> why do you object it. > > Because I consider decryption as a "single-user" operatio

Re: [Firebird-devel] tool for encrypting database initially (and probably decrypting it)

2012-04-03 Thread Dmitry Kuzmenko
Hello, Vlad! Tuesday, April 3, 2012, 1:18:05 PM, you wrote: VK> How do you going to detect still not encrypted pages if you against VK> "encrypted" flag ? Well, the question is over - InterBase uses pag->pag_flags (highest bit of this byte, i.e. x80) to indicate page is encrypted or not. For

Re: [Firebird-devel] tool for encrypting database initially (and probably decrypting it)

2012-04-03 Thread Alex Peshkoff
> I meant 12345 checksum that was fixed since InterBase 5. So, page > checksums are not "guards" of the pages for a long time. They are just > indicators, that if there no 12345, page can be considered as crap. Anyway not good crypt indicator - in some rare cases it can be 12345 on encrypted page

Re: [Firebird-devel] tool for encrypting database initially (and probably decrypting it)

2012-04-03 Thread Alex Peshkoff
On 04/03/12 13:38, Dmitry Kuzmenko wrote: > Hello, Alex! > > Tuesday, April 3, 2012, 1:02:56 PM, you wrote: > > AP> As far as I can see from IB documentation, they do not support > AP> distribution of encrypted databases mode. Am I right? > > what do you mean by "distribution" ? Several database >

Re: [Firebird-devel] tool for encrypting database initially (and probably decrypting it)

2012-04-03 Thread Dmitry Kuzmenko
Hello, Vlad! Tuesday, April 3, 2012, 1:18:05 PM, you wrote: >> - not all db pages need to be encrypted. for example PIP, TIP, etc. >> Performance effect of decrypting/encrypting these pages can be >> disastrous. VK> Where it conflicts with my proposition ? wrote just for the case. VK> a)

Re: [Firebird-devel] tool for encrypting database initially (and probably decrypting it)

2012-04-03 Thread Dmitry Kuzmenko
Hello, Alex! Tuesday, April 3, 2012, 1:09:34 PM, you wrote: AP> Certainly, we should not encrypt something except data, index and blob AP> pages. sure. AP> Storing last encrypted page sometimes is good compromise not to read AP> whole DB I think. well, since the databases are big enough, I need

Re: [Firebird-devel] tool for encrypting database initially (and probably decrypting it)

2012-04-03 Thread Dmitry Kuzmenko
Hello, Alex! Tuesday, April 3, 2012, 1:02:56 PM, you wrote: AP> As far as I can see from IB documentation, they do not support AP> distribution of encrypted databases mode. Am I right? what do you mean by "distribution" ? Several database on the same server, encrypted with one key? No. Database

Re: [Firebird-devel] tool for encrypting database initially (and probably decrypting it)

2012-04-03 Thread Dmitry Kuzmenko
Hello, Alex! Tuesday, April 3, 2012, 12:52:39 PM, you wrote: >> As far as >> I can see, encryption in InterBase is only possible when Embedded User >> Authentication is used. AP> Strange limitation. EUA, as you know, causes users being stored in database, not in admin.ib. Thus, when moving th

Re: [Firebird-devel] tool for encrypting database initially(andprobably decrypting it)

2012-04-03 Thread Vlad Khorsun
> VK> Encryption must be resistant to the database shutdown\server restart > and so on. > VK> Therefore it must be restartable. As we going to add "encrypted" flag for > each page > VK> we can know pages that already encrypted. To not read whole database > searching > VK> for the not encrypt

Re: [Firebird-devel] tool for encrypting database initially (and probably decrypting it)

2012-04-03 Thread Alex Peshkoff
On 04/03/12 13:03, Dmitry Kuzmenko wrote: > Hello, Vlad! > > Tuesday, April 3, 2012, 12:44:07 PM, you wrote: > > VK> Encryption must be resistant to the database shutdown\server restart > and so on. > VK> Therefore it must be restartable. As we going to add "encrypted" flag for > each page >

Re: [Firebird-devel] tool for encrypting database initially (and probably decrypting it)

2012-04-03 Thread Dmitry Kuzmenko
Hello, Vlad! Tuesday, April 3, 2012, 12:44:07 PM, you wrote: VK> Encryption must be resistant to the database shutdown\server restart and so on. VK> Therefore it must be restartable. As we going to add "encrypted" flag for each page VK> we can know pages that already encrypted. To not read

Re: [Firebird-devel] tool for encrypting database initially (and probably decrypting it)

2012-04-03 Thread Alex Peshkoff
On 04/03/12 12:45, Dmitry Kuzmenko wrote: > Hello, Alex! > > Tuesday, April 3, 2012, 11:55:16 AM, you wrote: > > AP> To work with encrypted database file we need a tool to encrypt database. > AP> I see 3 possible solutions for it. In all 3 cases some plugin dependent > AP> parameter may be passed

Re: [Firebird-devel] tool for encrypting database initially (and probably decrypting it)

2012-04-03 Thread Alex Peshkoff
On 04/03/12 12:49, Dimitry Sibiryakov wrote: > 03.04.2012 10:44, Vlad Khorsun wrote: >> To not read whole database searching >> for the not encrypted pages after restart I offer to store last encrypted >> page number >> at header page (also, obviously, we need to store encryption state on the >>

Re: [Firebird-devel] tool for encrypting database initially (and probably decrypting it)

2012-04-03 Thread Vlad Khorsun
> 03.04.2012 10:44, Vlad Khorsun wrote: >> To not read whole database searching >> for the not encrypted pages after restart I offer to store last encrypted >> page number >> at header page (also, obviously, we need to store encryption state on the >> header >> such as "clear", "encrypted", "encr

Re: [Firebird-devel] tool for encrypting database initially (and probably decrypting it)

2012-04-03 Thread Alex Peshkoff
On 04/03/12 12:19, Thomas Steinmaurer wrote: > > Have you had a look on how InterBase handles encryption (p. 207ff.)? > http://docs.embarcadero.com/products/interbase/IBXEUpdate3/DataDef.pdf > > In InterBase it is AFAIK pure SQL Yes, I see. > and what also seems to be useful is > separating d

Re: [Firebird-devel] tool for encrypting database initially (and probably decrypting it)

2012-04-03 Thread Dimitry Sibiryakov
03.04.2012 10:44, Vlad Khorsun wrote: > To not read whole database searching > for the not encrypted pages after restart I offer to store last encrypted > page number > at header page (also, obviously, we need to store encryption state on the > header > such as "clear", "encrypted", "encryption i

Re: [Firebird-devel] tool for encrypting database initially (and probably decrypting it)

2012-04-03 Thread Dmitry Kuzmenko
Hello, Alex! Tuesday, April 3, 2012, 11:55:16 AM, you wrote: AP> To work with encrypted database file we need a tool to encrypt database. AP> I see 3 possible solutions for it. In all 3 cases some plugin dependent AP> parameter may be passed to plugin. In all cases one may use decrypt AP> instea

Re: [Firebird-devel] tool for encrypting database initially (and probably decrypting it)

2012-04-03 Thread Vlad Khorsun
> To work with encrypted database file we need a tool to encrypt database. > I see 3 possible solutions for it. In all 3 cases some plugin dependent > parameter may be passed to plugin. In all cases one may use decrypt > instead encrypt to make Encryption must be resistant to the database shut

Re: [Firebird-devel] tool for encrypting database initially (and probably decrypting it)

2012-04-03 Thread Alex Peshkoff
On 04/03/12 12:13, Dimitry Sibiryakov wrote: > 03.04.2012 9:55, Alex Peshkoff wrote: >> This method looks ugly at first, but it has one great advantage - >> ability to have switch 'verbose' and let user watch progress with >> database encryption. > What prevent gfix from using services API and

Re: [Firebird-devel] tool for encrypting database initially (and probably decrypting it)

2012-04-03 Thread Thomas Steinmaurer
Hello Alex, > To work with encrypted database file we need a tool to encrypt database. > I see 3 possible solutions for it. In all 3 cases some plugin dependent > parameter may be passed to plugin. In all cases one may use decrypt > instead encrypt to make > > 1. ALTER DATABASE ENCRYPT WITH { (

Re: [Firebird-devel] tool for encrypting database initially (and probably decrypting it)

2012-04-03 Thread Dimitry Sibiryakov
03.04.2012 9:55, Alex Peshkoff wrote: > This method looks ugly at first, but it has one great advantage - > ability to have switch 'verbose' and let user watch progress with > database encryption. What prevent gfix from using services API and showing the progress?.. -- SY, SD. ---

[Firebird-devel] tool for encrypting database initially (and probably decrypting it)

2012-04-03 Thread Alex Peshkoff
To work with encrypted database file we need a tool to encrypt database. I see 3 possible solutions for it. In all 3 cases some plugin dependent parameter may be passed to plugin. In all cases one may use decrypt instead encrypt to make 1. ALTER DATABASE ENCRYPT WITH { ('PARAMETER') } This SQL i