[interesting] Database Encryption

Ruslan Zasukhin sunshine at public.kherson.ua
Wed Jan 22 10:28:51 CST 2003 

on 1/22/03 10:04 PM, Peter McConachie at pmccon at bigpond.net.au wrote:

>> Peter,
>> 
>> This not help too much.
> 
> Ruslan,
> This discussion has been of great help. It really should appear in the
> documentation.

Well, then I CC this to Valentina list to share info.

>> MAY BE we have next case:
>> 
>> -- May be you have work with your db, add / DELETE records.
>> Valentina do not erase records self. So may be you see DELETED space.
>> And of course Valentina do not encrypt it.
>> 
>> -- You need encrypt db from scratch. And add records.
>> 
>> -- IF you need encrypt existed records, then may be you need compact db at
>> first...but this still will not erase some bytes on segments.
>> 
>> You see point ?
>> 
>> IF you start from empty encrypted db you will not see records never.
> 
> I'm an idiot. 
> 
> I looked at the .dat file I sent you and could find strings from the tables
> in my original 36 table dBase that were deleted in making the 4 table sample
> I sent you.
> 
> I compacted the 4 table test and reencrypted. All these strings have gone. I
> don't know what I was thinking not to compact before encrypting in the first
> place.
> 
> The new compacted & encrypted dBase does still show some recognisable data
> in String and VarChar fields. These may well correlate with previous
> deletions. I will check this when I rebuild my database from new.
> 
> 
> I can see that the simplest scheme is to encrypt only current tables and
> fields - totally ignoring the rest.

Explain this point please.

It seems to me more easier encrypt the whole db.
Also note, that not viSQL, not future XML dump probably will not support
decryption of separate BaseObject and or fields. This feature is ONLY for
programmers. Just no way in GUI support this options. Or very hard.

> I can live with this PROVIDED that when one drops a field or table the data
> remains encrypted. Can you confirm what happens when a table/field is
> dropped from an encrypted database?

> It would be a security weakness, if in deleting a record the data loses
> encryption. Can you confirm what happens when a record is deleted from an
> encrypted database?

Of course segments of deleted field ARE NOT decrypted.
They stay AS IS.

> I'm not certain that it is wise not to encrypt the deleted records within
> active fields and tables. I think this is going to catch users. It seems to
> me that it may be safer to encrypt all data that can't be removed by
> compaction. This wont effect me because I will now rebuild my databases from
> scratch.

Peter, this issue will be covered in 2.0
By additional parameter of database

        db.ZeroDeleted

You will be able set it to true, then Valentina will spend time to secure
erase deleted records.

-- 
Best regards,
Ruslan Zasukhin      [ I feel the need...the need for speed ]
-------------------------------------------------------------
e-mail: ruslan at paradigmasoft.com
web: http://www.paradigmasoft.com

To subscribe to the Valentina mail list go to:
http://listserv.macserve.net/mailman/listinfo/valentina
-------------------------------------------------------------

More information about the Valentina mailing list