If the on-disk file is encrypted as stated in my discussion, and the sysdba
is limited or prevented from connecting as also stated, then this will run
on a non-controlled environment.

The question is, what level of encryption is needed? You can encrypt the
entire database, certain pages of the database or specific defined files of
a database. Each of these levels can in turn be encrypted with a
different key.

For example, you may want the entire database to be encrypted - the only
way to open the database is by using a custom embedded fb client, or
passing the master key with the connection string.

Then, when trying to open a data page that has a different encryption key,
the user would either have to provide it or not connect. You can have
private/public keys, or any one of many known secure methods of protecting
the on-disk files while having it in a non-controlled environment.

This is all part of the encryption/decryption/authentication methods that
have been discussed for years.

My proposal was to implement a standard DDL method to address the needs
that also provides new functionality. I also stated that this can be done
immediately without the application of the new encryption/authorization
layers by just using the same DDL to actually delete the source code, i.e.
take away the need for touching the system tables while providing a way
of getting the same job done.



On 4 September 2014 10:57, Dimitry Sibiryakov <s...@ibphoenix.com> wrote:

> 04.09.2014 16:49, Dalton Calford wrote:
> > So, DDL statements such as GRANT VIEW which is used by MS SQL for
> metadata security could
> > be applied to FB.
>
>    No, they couldn't unless Firebird is run in controlled environment
> which is not the
> case of topic starter.
>
> --
>    WBR, SD.
>
>
> ------------------------------------------------------------------------------
> Slashdot TV.
> Video for Nerds.  Stuff that matters.
> http://tv.slashdot.org/
> Firebird-Devel mailing list, web interface at
> https://lists.sourceforge.net/lists/listinfo/firebird-devel
>