At July 12, 2017, 5:44 AM, Jiří Činčura wrote:

>> I think it makes more sense on the connection string. It already contains
>> sensitive info (username,password) and needing to provide connection
>> related info by another method would be counter intuitive.

> Good point.

> In my thinking I saw two problems, slightly different from what password
> does. The key can be binary data and that's difficult to pass in string.
> And the key might be stored on some HSM.

> Not that it would rule out connection string completely, it just makes
> fit less, IMO.

Binary  data  should be able to be represented with hexadecimal.  And,
don't forget that whatever is chosen has to be easily implemented when
using Entity Framework.

We are looking at implementing our own encryption plugin, but still
undecided how the key will be passed, since our application uses a mix
of Delphi(IBDAC) and C#(EF6). Our initial thought is that it will have
to be on the server with the database, since we can't find proper
documentation on how to pass it from the client, even with the
database management tools, although it is part of Firebird's
architecture. It seems to be one area that third-party tools and
components haven't taken much time implementing, maybe because that
there is no disk encryption plugin provided out-of-the-box with
Firebird, and not enough user interest.

Having said that, keep up the excellent work Jiri.

And, I'm hoping that I will have the time in the next few weeks to
create a VSIX installer for DDEX, because the registry entries are not
staying and I have to add them everytime that I need to add EF6 classes
to  represent  tables.  Once created, it will surely be contributed to
the project.

Best regards,
 Daniel Rail
 Senior Software Developer
 ACCRA Solutions Inc. (www.accra.ca)
 ACCRA Med Software Inc. (www.filopto.com)

Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
Firebird-net-provider mailing list

Reply via email to