On 11/14/2015 5:54 PM, Dimitry Sibiryakov wrote:
> 14.11.2015 23:16, Jim Starkey wrote:
>> So here's a simple scheme.  The basic idea is a redundant set of
>> lightweight key servers running at various points in the network. When a
>> database wants to start up, it runs through a list of key server
>> addresses looking for one that is actually running.  If it finds one, it
>> establishes a secure connection and asks for the decryption key.  The
>> key server notes the IP address of the requester and returns the
>> appropriate key.  Probably a good idea to toss in a database name as well.
>     If no single key server is accessible, the database is locked up.
>     Static "white" IP address on client side is required.
>     Database on a laptop is inaccessible completely.

Excuse me?  Can't the guy on the laptop enter the key?  Do remember
that we're talking about unattended startup.  If you want to define the 
problem for encrypting a database on a machine off the network in the 
possession of a bad guy, then whole disk encryption is the only way to 
go.  But I don't think that's what we're talking about here.

>
>     I'm afraid that that's not what customers would pay for.
>


------------------------------------------------------------------------------
Firebird-Devel mailing list, web interface at 
https://lists.sourceforge.net/lists/listinfo/firebird-devel
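
The lookup debated in this thread, as an added sketch that is not part of the original messages or of Firebird's code: a database walks a list of key servers, the first reachable one decides by requester IP address and database name, and the database stays locked if none answers. All names here (`KeyServer`, `fetch_key`, `grants`) and the sample addresses are hypothetical, the secure connection is not modelled, and treating the first reachable server's answer as final is an assumption.

```python
# Added illustration of the key-server lookup discussed in the thread.
# Hypothetical names throughout; the secure channel is assumed, not modelled.
import ipaddress


class KeyServerDown(Exception):
    """Stands in for a failed connection to one key server."""


class KeyServer:
    def __init__(self, grants, up=True):
        # grants: {(database_name, allowed_network): key_bytes}
        self.grants = {(db, ipaddress.ip_network(net)): key
                       for (db, net), key in grants.items()}
        self.up = up
        self.audit = []  # (requester_ip, database_name, granted)

    def request_key(self, requester_ip, database_name):
        # A real server would read the peer address from the connection.
        if not self.up:
            raise KeyServerDown()
        ip = ipaddress.ip_address(requester_ip)
        for (db, net), key in self.grants.items():
            if db == database_name and ip in net:
                self.audit.append((requester_ip, database_name, True))
                return key
        self.audit.append((requester_ip, database_name, False))
        return None  # refuse: unknown address or database name


def fetch_key(servers, my_ip, database_name):
    """Try each key server in order; return the key, or None to stay locked."""
    for server in servers:
        try:
            key = server.request_key(my_ip, database_name)
        except KeyServerDown:
            continue  # redundant set: move on to the next address
        return key  # assumption: first reachable server's answer is final
    return None  # no key server accessible: unattended startup fails


def demo():
    # Constructed sample data (documentation-range addresses, dummy key).
    grants = {("employee.fdb", "192.0.2.10/32"): b"constructed-sample-key"}
    servers = [KeyServer(grants, up=False), KeyServer(grants)]
    return (fetch_key(servers, "192.0.2.10", "employee.fdb"),    # failover
            fetch_key(servers, "198.51.100.7", "employee.fdb"),  # wrong IP
            fetch_key(servers[:1], "192.0.2.10", "employee.fdb"))  # all down
```

The third result is the case raised in the reply: with every key server unreachable, the database cannot start without someone entering the key.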
