On 07.06.2018 20:01, Dimitry Sibiryakov wrote:
07.06.2018 18:40, Alex Peshkoff via Firebird-devel wrote:
Ability to easily get ncryption key from working connections mean
badly written KeyHolder.
No matter how well is written KeyHolder, thanks to CLOOP signatures
it is very easy to identify and hijack encrypt/decrypt routines of
crypt plugin itself.
As I've already said if one has access to server's RAM there are a lot
of ways to get both unencrypted data & keys.
But that's 'slightly' different level compared with intercepting of
network messages.
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
Firebird-Devel mailing list, web interface at
https://lists.sourceforge.net/lists/listinfo/firebird-devel
