On 11/18/2015 08:27 PM, Leyne, Sean wrote:
>
>>> Again, I feel that the issue of client/server connection encryption and
>>> database encryption are being co-mingled.
>>> Database encryption is about the engine's ability to access/work with a
>>> database, there should be absolutely no client dependency.
>>
>> More than 80% of encryption cases are expected to be applications
>> distributed together with databases. They are usually single-user and often
>> use the embedded Firebird. In this case it's really logical to allow the
>> client application to manage the key.
> Then, this solution should be described in the context of how the embedded
> engine will support encryption. This thread was about SS/other engines.

For distributed databases I see no solution for a non-embedded engine. In the embedded case the application can validate on the run the correctness of loaded components (yvalve, engine, plugins) and, depending upon it, provide or not a key to them. In the remote case it will have to send the secret key over the wire to a probably modified engine. No idea how it can be secure.

------------------------------------------------------------------------------
Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
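
The embedded-case check described in the reply above, as an added example that is not code from this thread or from Firebird: the application compares the component files against digests it ships with and releases the key only if everything matches. The file names, the pinned-digest table and the function names are assumptions made for illustration, and hashing files on disk stands in for validating the components actually loaded.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

def sha256_file(path):
    """Hex SHA-256 of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def verify_components(root, pinned):
    """Check files under root against pinned {relative path: sha256 hex}; return problems."""
    root, problems = Path(root), []
    for rel, expected in pinned.items():
        path = root / rel
        if not path.is_file():
            problems.append("missing: " + rel)
        elif not hmac.compare_digest(sha256_file(path), expected):
            problems.append("modified: " + rel)
    # A file nobody pinned (for example an extra plugin) also blocks the key.
    for path in root.rglob("*"):
        rel = path.relative_to(root).as_posix()
        if path.is_file() and rel not in pinned:
            problems.append("unpinned: " + rel)
    return sorted(problems)

def release_key(root, pinned, key):
    """Fail closed: return the key only when verification reports nothing."""
    return key if not verify_components(root, pinned) else None

def demo():
    """Constructed install tree (hypothetical names): pin it, then tamper with one file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "plugins").mkdir()
        for rel in ("yvalve.bin", "plugins/engine.bin", "plugins/crypt.bin"):
            (root / rel).write_bytes(b"constructed " + rel.encode())
        pinned = {p.relative_to(root).as_posix(): sha256_file(p)
                  for p in root.rglob("*") if p.is_file()}
        before = release_key(root, pinned, b"demo-key")
        (root / "plugins/engine.bin").write_bytes(b"patched")
        after = release_key(root, pinned, b"demo-key")
        return before, after, verify_components(root, pinned)
```

In the remote case discussed in the reply, this check has nowhere to run: the client cannot hash the server's binaries, so it has no equivalent gate before sending the key.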