> >> If there's any interest, I have some ideas on how to handle > >> unattended startup of an encrypted database that we could kick around. > > I would like to have such a discussion, since I have found the discussion of > the whole "key holder" discussion a little obtuse and seemingly mixing > remote client/connection security with database file encryption. > > So here's a simple scheme. The basic idea of a redundant set of lightweight > key servers running at various points in the network. When a database wants > to start up, it runs through a list of key server addresses looking for one > that > is actually running. If it finds one, it establishes a secure connection and > asks > for the decryption key. The key server notes the IP address of the requester > and returns the appropriate key. Probably a good idea to toss in a database > name as well.
Doesn't the need for a key server make the problem more complicated that required? Although I think it should be supported, via engine/config. I was referring to a more basic/straight-forward deployment. I have experience using web portal from ADP for processing my payroll. In order to access the portal, not only do I need user credentials but also my PC needs to have a SSL cert installed on my PC (and that cert needs to be installed on any PC that I want to access the portal from). So, following this model, I see my user credentials as the same as the typical FB database user credentials. And my user cert being equivalent of the cert that would be assigned/linked to the database. Sean ------------------------------------------------------------------------------ Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
