> To work with an encrypted database file we need a tool to encrypt the database.
> I see 3 possible solutions for it. In all 3 cases some plugin-dependent
> parameter may be passed to the plugin. In all cases one may use decrypt
> instead of encrypt to make

Encryption must be resistant to database shutdown\server restart and so on.
Therefore it must be restartable. As we are going to add an "encrypted" flag for
each page, we can know which pages are already encrypted. To not read the whole
database searching for the not encrypted pages after restart, I offer to store
the last encrypted page number at the header page (also, obviously, we need to
store the encryption state on the header, such as "clear", "encrypted",
"encryption is in progress", "decryption is in progress").

So, I see the whole process as fully asynchronous, and any way below will just
start encryption\decryption in the database and return immediately. We also
could implement the ability to query the status\progress of
encryption\decryption work and to suspend\resume it.

> 1. ALTER DATABASE ENCRYPT WITH <PLUGIN_NAME> { ('PARAMETER') }
> This SQL implementation has one main advantage - it looks (I think) very
> native for SQL server.

I, personally, prefer the SQL statement.

> 2. gfix -encrypt <plugin> {-cryptpar <parameter>} database
> gfix passes plugin name and parameter in DPB, the rest of the activity is
> like in database validation. This implementation looks like the simplest
> to implement.
>
> 3. Use of special utility: fbdbcrypt -encrypt <plugin> {-cryptpar
> <parameter>} {-verbose} local-database
> Certainly, appropriate support in services will be present.
> This method looks ugly at first, but it has one great advantage -
> ability to have switch 'verbose' and let user watch progress with
> database encryption.
>
> I like method 3 best of all - long silent validation in gfix is
> definitely not good thing. With SQL it's also not clear how to make
> crypt report progress. But I'd like to know what do others think.
Just my 0.02 uah,
Vlad
Firebird-Devel mailing list, web interface at
https://lists.sourceforge.net/lists/listinfo/firebird-devel
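
The restartable scheme described in the message above (a per-page "encrypted" flag, plus the state and a page-number checkpoint on the header page), as an added C++ example that is not part of the original thread and is not Firebird code. All type and function names are hypothetical, the data is constructed, and XOR is only a placeholder for the crypt plugin.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// All names are hypothetical; this is not Firebird's on-disk layout or plugin API.
enum class CryptState { Clear, Encrypted, EncryptInProgress, DecryptInProgress };

struct Page { bool encrypted; std::vector<uint8_t> data; };

struct Database {
    CryptState state = CryptState::Clear;  // header page: overall state
    size_t nextPage = 0;                   // header page: first page not yet confirmed done
    std::vector<Page> pages;
};

// Stand-in for the crypt plugin: XOR is a placeholder, NOT real encryption.
static void transformPage(Page& p, uint8_t key) { for (auto& b : p.data) b ^= key; }

// Processes at most `budget` pages; returns true once the whole database is
// converted. crashBeforeCheckpoint simulates a stop after the last page was
// written but before the header checkpoint was updated.
bool cryptStep(Database& db, bool encrypt, uint8_t key, size_t budget,
               bool crashBeforeCheckpoint = false) {
    const CryptState busy = encrypt ? CryptState::EncryptInProgress : CryptState::DecryptInProgress;
    const CryptState done = encrypt ? CryptState::Encrypted : CryptState::Clear;
    if (db.state == done) return true;
    if (db.state != busy) { db.state = busy; db.nextPage = 0; }  // fresh start
    for (size_t n = 0; n < budget && db.nextPage < db.pages.size(); ++n) {
        Page& p = db.pages[db.nextPage];
        if (p.encrypted != encrypt) {      // per-page flag prevents a double transform
            transformPage(p, key);
            p.encrypted = encrypt;
        }
        if (crashBeforeCheckpoint && n + 1 == budget) return false;
        ++db.nextPage;                     // header checkpoint is written after the page
    }
    if (db.nextPage < db.pages.size()) return false;  // interrupted, resume later
    db.state = done;
    return true;
}

int main() {
    Database db;                           // constructed sample: 5 pages of 4 bytes
    for (uint8_t i = 0; i < 5; ++i) db.pages.push_back({false, std::vector<uint8_t>(4, i)});
    cryptStep(db, true, 0x5A, 3, true);    // "crash" on the third page
    bool finished = cryptStep(db, true, 0x5A, 100);  // restart resumes at the checkpoint
    std::printf("finished=%d page2[0]=0x%02X\n", finished, db.pages[2].data[0]);
}
```

The header checkpoint can lag the pages by one write, so on restart the page flag, not the checkpoint, decides whether a page still needs the transform.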