Enhance control upon ability to share database crypt key between attachments in
SS
----------------------------------------------------------------------------------
Key: CORE-5442
URL: http://tracker.firebirdsql.org/browse/CORE-5442
Project: Firebird Core
Issue Type: Improvement
Components: Engine
Affects Versions: 3.0.1, 3.0.0, 4.0 Initial
Environment: SS
Reporter: Alexander Peshkov
Currently in case of SS architecture the first attachment which passed correct
dbcrypt key works as unlocker for all further attachments - database key on SS
is shared among all attachments using same DBB. In some cases (distributed
encrypted databases) such behavior is highly undesired. Initially I've supposed
that all functionality related with reject of key-less attachments may be
implemented by KeyHolder plugin. Unfortunately such plugin in many cases can't
efficiently distinguish between bad and correct key, provided by an attachment.
Moreover, the only reliable way to check is a key correct is to pass it to
DbCrypt plugin and ask it to validate a key. That task can be performed only by
CryptoManager code (only it has all required information about loaded plugins).
KeyHolder plugin must just inform CryptoManager about a kind of provided key -
should it be use only by own attachments or may be shared between attachments.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://tracker.firebirdsql.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
Firebird-Devel mailing list, web interface at
https://lists.sourceforge.net/lists/listinfo/firebird-devel
