On 18/11/2015 12:36, Alex Peshkoff wrote: > On 11/18/2015 04:44 PM, Adriano dos Santos Fernandes wrote: >> On 18/11/2015 11:40, Alex Peshkoff wrote: >>> On 11/17/2015 07:52 PM, Adriano dos Santos Fernandes wrote: >>>> On 17/11/2015 14:48, Dimitry Sibiryakov wrote: >>>>> 17.11.2015 17:40, Leyne, Sean wrote: >>>>>> For me, the sequence of operations for accessing a database would be: >>>>>> >>>>>> - Client initiates connection to remote server, requesting access to >>>>>> database XYZ.fdb (there is nothing new in the connection string other >>>>>> than what is available now) >>>>>> - engine tries to open database XYZ.fdb and read header page >>>>>> - engine determines that header page reads "I am encrypted and need key >>>>>> with name = ABCD" >>>>>> - engine determines (through server/database config settings) which >>>>>> plug-in to use >>>>>> - engine loads/calls plug-in asking "I have database which needs key >>>>>> with name = ABCD, are you able/ready to work?" >>>>>> - if plug-in says "Yes", then the engine proceeds with database open, >>>>>> and all non-header page operations are channeled through the plug-in >>>>>> - if plug-in says "No", then engine stops the database open, and returns >>>>>> error to client. >>>>> Currently it is this way: >>>>> >>>>> - Client application set callback for providing a key >>>> Why a callback instead of directly passing it to attach/create? >>>> >>>> Hot does different clients (my application x IBExpert) will work with an >>>> encrypted database if the applications are wrote by different developers >>>> and plugins are not standard? >>>> >>> Sometimes it's highly desired not to let standard tools access encrypted >>> database - first of all for distributed databases. >>> >>> >> Well, but sometimes it is! >> >> Applications developers will need to develop their own tools to work >> with encrypted databases outside their applications? > 2 main usages of database encryption: > - protect distributed database from unauthorized access, > - protect database from access if server became physically available to > third party (something like stolen). > > In first case it's clear - IBExpert should not work at all. Not true. If I have my certificate in Windows and need to put a password to access it, it doesn't matter if it's done by my application or IBExpert.
If the design is to disallow this, the design is weak as that could be easily bypassed with a custom fbclient. Adriano ------------------------------------------------------------------------------ Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
