On 22/08/15 02:03, Geoff Worboys wrote: >> Second question: If you would consider in-disk database >> > encryption, on a scale of 1 to 5 how important is unattended >> > startup, i.e. no human to enter a password, given that it's >> > probably impossible to make such a system robustly secure? > 3 > > 3 reflects my ambivalence to this aspect. As you point out, > automatic makes robust security impossible, however, it is a > feature that can be convenient - even if only for testing and > development purposes.
My immediate reaction was "store the password in a file, to which FB knows the path". That way, if that path is a USB stick, you've immediately got a choice between "leave the stick in for unattended startup, or tape it to the side of the server so any tom dick or harry with physical access can get it up". Or for really secure, the stick is in the sysadmin's pocket so only he can get it back up :-) Cheers, Wol ------------------------------------------------------------------------------ Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel