On 11/20/2015 01:56 PM, Dimitry Sibiryakov wrote:
> 20.11.2015 11:48, Alex Peshkoff wrote:
>>> That may sound good, but in reality cannot gain any additional
>>> security. Besides, the
>>>> information was already passed via remote module.
>> Only in some cases. In case of embedded usage (i.e. when protection of a
>> key from open source code makes some sense) - not at all.
> But even in this case crypt plugin and key holder have no way to identify
> themselves to each other.
They can. Callback format is:
uint callback(uint dataLength, const void* data, uint bufferLength, void* buffer);
I.e. they can pass any data between each other.
>>>> Yes, I still have that letter in mail box and can quote: "key,
>>>> distributed over a lot
>>>> of boxes will stop to be secret very soon".
>> Yes. And ability to add plugin at client side, to which (moreover)
>> requests are redirected from the server by default provokes such design.
> That's not our area of responsibility. We provide opportunities, not
> enforce solutions.
> Nothing prevents anybody from editing firebird.conf and disabling the default key
> holder.
I.e. you suggest an unsafe opportunity as the default.
Defaults should be configured as safe as possible.
------------------------------------------------------------------------------
Firebird-Devel mailing list, web interface at
https://lists.sourceforge.net/lists/listinfo/firebird-devel