Re: Firebird DB - What Does Anyone Know?

  • From: Bill Ferguson <wbfergus@xxxxxxxxx>
  • To: srcdco@xxxxxxx
  • Date: Tue, 15 Sep 2009 10:09:01 -0600

Scott -

For the encryption part, it doesn't sound very good, relying on the OS
to do it for you (http://www.firebirdfaq.org/faq160/).

How to protect data in Firebird database?


Short answer: use encryption

Long:

Firebird does not have any encryption integrated, but there are
various solutions you can add.

One is to encrypt all the data on the client before saving to database
columns, and decrypt while reading. The only problem with this is
stuff like indexing and searching. While indexing on foreign and
primary keys will still be effective, searching the data with STARTING
WITH or numeric operators (less than, more than, etc.) won't be able
to use an index as you would have to decrypt the data before you can
compare it.


Second solution is to encrypt the filesystem where Firebird database
is stored. There are cross-platform solutions like TrueCrypt, EncFS or
BestCrypt that do this:

http://www.truecrypt.com
http://luks.endorphin.org/
http://67.18.211.246/encfs
http://www.jetico.com/

If you only use Linux, there are various tools and libraries for this.
Take a look at these articles for some examples:

http://www.redhatmagazine.com/2007/01/18/disk-encryption-in-fedora-past-present-and-future/
http://www.redhatmagazine.com/2007/06/13/dual-password-encryption-with-encfs/

Possible problems with this approach are slower access to database and
the fact that the unencrypted database is readable while your
application is running.


Third, since Firebird is open source, you can alter the code that
reads and writes pages to the disk to encrypt and decrypt them. Of
course, you would have to find a suitable way for client to send the
decryption key to the engine. Please note that this means that all
users use the same key.


-- 
-- Bill Ferguson
--
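
The first option in the FAQ text above, as an added example that is not part of the original post or the Firebird FAQ: a key lookup still works on a table with a client-encrypted column, while a prefix search does not. Assumptions: SQLite stands in for Firebird, a `substr()` comparison stands in for STARTING WITH, and the key, table, names and the HMAC-based stand-in cipher are constructed for the demonstration.

```python
import hashlib
import hmac
import os
import sqlite3

KEY = b"constructed-demo-key"  # constructed sample key, not a real secret

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Stand-in cipher (HMAC-SHA256 in counter mode) so the example needs only
    # the standard library; a real client would use a vetted AEAD such as AES-GCM.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def encrypt(key: bytes, text: str) -> bytes:
    nonce, data = os.urandom(16), text.encode()
    return nonce + bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))

def decrypt(key: bytes, blob: bytes) -> str:
    nonce, body = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body)))).decode()

def build_db(names):
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customer (id INTEGER PRIMARY KEY, name_enc BLOB)")
    db.execute("CREATE INDEX idx_name ON customer (name_enc)")
    db.executemany("INSERT INTO customer VALUES (?, ?)",
                   [(i, encrypt(KEY, n)) for i, n in enumerate(names, 1)])
    return db

def lookup_by_id(db, cid):
    # The key column is stored in the clear, so its index still answers this.
    row = db.execute("SELECT name_enc FROM customer WHERE id = ?", (cid,)).fetchone()
    return decrypt(KEY, row[0]) if row else None

def server_side_prefix(db, prefix):
    # What a STARTING WITH predicate sees: stored ciphertext bytes, not the name.
    q = "SELECT id FROM customer WHERE substr(name_enc, 1, ?) = ?"
    return [r[0] for r in db.execute(q, (len(prefix), prefix.encode()))]

def client_side_prefix(db, prefix):
    # The only working search: fetch every row, decrypt, then compare.
    rows = db.execute("SELECT id, name_enc FROM customer ORDER BY id").fetchall()
    hits = [cid for cid, blob in rows if decrypt(KEY, blob).startswith(prefix)]
    return hits, len(rows)

if __name__ == "__main__":
    db = build_db(["Smith", "Smithers", "Jones", "Smythe"])  # constructed sample rows
    print(lookup_by_id(db, 3), server_side_prefix(db, "Smit"), client_side_prefix(db, "Smit"))
```

The second value returned by `client_side_prefix` is the number of rows that had to be fetched and decrypted, which grows with the table rather than with the number of matches.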