Inicio Explorar Axuda
Iniciar sesión
FirebirdDB
/
firebird
réplica de https://github.com/FirebirdSQL/firebird.git
2
0
Fork 0
Ficheiros Incidencias 0 Wiki
Rama: work/gh-8869-using-statement
Ramas Etiquetas
firebird
/
examples
/
dbcrypt
/
ReadMe.txt

ReadMe.txt 2.5 KB
Permalink Histórico Raw

123456789101112131415161718192021222324252627282930313233343536373839 
  1. **************************************************************************************
    2. 

  2. *				All files in this directory are trivial samples.					 *
    3. 

  3. * They do not perform any real data encryption and should not be used in production! *
    4. 

  4. **************************************************************************************
    5. 

  5. 

  6. Brief description of the sample.
    7. 

  7. 

  8. Sample contains 3 components - fbSampleDbCrypt plugin, fbSampleKeyHolder plugin and application,
    9. 

  9. which can pass crypt key to server. Plugins do not perform any real encryption (XOR with single
    10. 

  10. byte hardly can be treated as encryption) though makes database useless without crypt plugin,
    11. 

  11. key is sent between components in plain form - they just demonstrate what calls in plugins
    12. 

  12. should be done and what methods should be implemented in order for plugin to start to work.
    13. 

  13. 

  14. Depending upon settings in configuration file plugins may use different ways to manage encryption
    15. 

  15. key. fbSampleDbCrypt's configuration file may contain following parameters:
    16. 

  16. Auto - boolean value, when FALSE plugin queries KeyHolder plugin for key value (this is default),
    17. 

  17. 	when TRUE get key value from "Value" configuration parameter.
    18. 

  18. Value - integer value (lower byte is actually used), used in "Auto" mode as key value (default 90).
    19. 

  19. 

  20. fbSampleKeyHolder's configuration file may contain following parameters:
    21. 

  21. Auto - boolean value, when FALSE plugin queries client application for key value (this is default),
    22. 

  22. 	when TRUE get key value from configuration file by name or use default (90) for unnamed key.
    23. 

  23. Key{Name} - integer value, a key with name "Name" (i.e. when one issues "ALTER DATABASE ENCRYPT ...
    24. 

  24. 	KEY Doggy" configuration parameter KeyDoggy should be present).
    25. 

  25. OnlyOwnKey - boolean value, enables/disables use of a key from another key holder in SuperServer.
    26. 

  26. 	Default value is TRUE (i.e. only key, owned by this KeyHolder, can be used by related
    27. 

  27. 	attachment).
    28. 

  28. 

  29. Crypt application has a few parameters making it possible to demonstrate different operations.
    30. 

  30. -e - Encrypt database (use gstat to monitor crypt progress).
    31. 

  31. -d - Decrypt database.
    32. 

  32. -l - Locally execute SELECT statement returning name of currently attached user.
    33. 

  33. -r - Execute same statement using remote datasource 'localhost:employee'. To make it work
    34. 

  34. 	 user "test" with password "test" should be created in employee database. If employee was
    35. 

  35. 	 encrypted in advance this demonstrates passing database crypt key through the chain of
    36. 

  36. 	 key holders.
    37. 

  37. 

  38. cryptDb.pas is a minimum (XOR using fixed key hardcoded in plugin body) sample of database crypt
    39. 

  39. plugin written on Pascal. Was tested with both FreePascal and Delphi.
    40.