17.11.2015 17:40, Leyne, Sean wrote:
> For me, the sequence of operations for accessing a database would be:
>
> - Client initiates connection to remote server, requesting access to database
> XYZ.fdb (there is nothing new in the connection string other than what is
> available now)
> - engine tries to open database XYZ.fdb and read header page
> - engine determines that header page reads "I am encrypted and need key with
> name = ABCD"
> - engine determines (through server/database config settings) which plug-in
> to use
> - engine loads/calls plug-in asking "I have database which needs key with
> name = ABCD, are you able/ready to work?"
> - if plug-in says "Yes", then the engine proceeds with database open, and all
> non-header page operations are channeled through the plug-in
> - if plug-in says "No", then engine stops the database open, and returns
> error to client.

Currently it is this way:

- Client application sets a callback for providing a key
- client application initiates connection to a database
- engine reads header
- engine reads crypt-plugin name from header
- engine loads the plugin
- plugin asks all configured key holders "does anybody have a key for me?"
- keyholder either can give the key or call application's callback to get
  confirmation beforehand
- if any piece of the chain raises an error, the connect fails
- if the provided key is wrong, the engine crashes

--
WBR, SD.

------------------------------------------------------------------------------
Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel