James Starkey wrote: > I'm curious about how important people consider on-disk > encryption to be. I have two questions. > First question: On a scale from 1 (don't care, wouldn't use > it) to 5 (I need it yesterday) how important to us is the > ability to encrypt database files. [...]
2 My first reaction was 1, but if it existed there is a chance I would use it, or at least make it an option for my clients to use it if they wanted. But I probably wouldn't recommend it. On-disk encryption is a 5 for me, but I had it "yesterday" via my preferred solution of a separate product to manage encrypted volumes. Good encryption is hard to get exactly right, having it isolated to its own product allows that aspect to be managed and analysed separately - and allows you to use a product that has been widely used and tested by people in the field that know what they're doing. > Second question: If you would consider in-disk database > encryption, on a scale of 1 to 5 how important is unattended > startup, i.e. no human to enter a password, given that it's > probably impossible to make such a system robustly secure? 3 3 reflects my ambivalence to this aspect. As you point out, automatic makes robust security impossible, however, it is a feature that can be convenient - even if only for testing and development purposes. -- Geoff Worboys Telesis Computing Pty Ltd ------------------------------------------------------------------------------ Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
