On Monday, August 24, 2015, Brian Vraamark <brian.vraam...@plandent.dk> wrote:
> If you have 50 clients, you have 50 ways to access the master encryption
> key (database encryption key). If you steal the client-vaults, server-vault
> and the database, there would be 50 persons with a password that can
> decrypt the database. Jim's idea puts the database security in the hands of
> the company staff instead of the server admin. It is easier to keep a
> secret with 1 person than it is with 50. It is easier to sue one person
> over 50 for stealing data.

True, but it requires that both the server be stolen and one of those persons be untrustworthy. An easier strategy for an attacker would be to replace the Firebird image and capture the encryption key no matter how it was retrieved.

> Jim's idea MAY be flawless - people are not!

Sigh, true. Still, it's worthwhile noodling how to restrict the damage of one brain fade.

Speaking of NSA, are people aware that NSA was a major early Interbase customer? At the time, the head of our users' group was a serving NSA officer. While it was nice to have a customer without budget issues, it was quite frustrating to get a statement every month (sans check) stamped "this transaction is subject to the Federal Government Prompt Payment Act." I'd rather have had the check.

> /Brian Vraamark

--
Jim Starkey
------------------------------------------------------------------------------
Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel