20.11.2015 11:48, Alex Peshkoff wrote: >> That may sound good, but in reality cannot gain any additional >> security. Besides, the >> >information was already passed via remote module. > Only in some cases. In case of embedded usage (i.e. when protection of a > key from open source code makes some sense) - not at al.
But even in this case crypt plugin and key holder have no way to identify themselves to each other. >> > Yes, I still have that letter in mail box and can quote: "key, >> > distributed over a lot >> >of boxes will stop to be secret very soon". > Yes. And ability to add plugin at client side, to which (moreover) > requests are redirected from the server by default provokes such design. That's not our area of responsibility. We provide opportunities, not enforce solutions. Nothing prevents anybody from edit of firebird.conf and disable default key holder. >> > Imagine a server that require for start working with database a >> > connection from secured >> >laptop of security officer. This officer himself has no rights in database, >> >but is the >> >only source of key. >> > > In that case I see no difference between plugin and special application > doing same job. > Or that officer should start IbExpert with plugin near anyway having no > rights in database? It is up to that system designer, not me or you. -- WBR, SD. ------------------------------------------------------------------------------ Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
