
Key: CORE-6220
Type: Improvement
Status: Resolved
Resolution: Fixed
Priority: Major
Assignee: Alexander Peshkov
Reporter: Alexander Peshkov
Votes: 0
Watchers: 1
Firebird Core

Enable delivery of known to the client key to any connection to the server

Created: 09/Jan/20 03:45 PM   Updated: 09/Jan/20 04:19 PM
Component/s: API / Client Library, Security
Affects Version/s: None
Fix Version/s: 4.0 Beta 2

QA Status: No test


Description
In some cases it's necessary to run standard utilities (like gfix) or services tasks against an encrypted database on a remote server. When the database key is known to the client, there are no security issues with using that key in any attachment to the database, including standard utilities.

Alexander Peshkov added a comment - 09/Jan/20 04:18 PM - edited
Existing plugins should be checked before being used with this new feature. Although no new methods are added, existing ones may be called in a sequence not used before.
There are 2 known issues:
1. If key transfer is performed in a multi-step way, the sequence of those calls may be wrong (as a simple example: when the first request from the server is expected by the plugin, fbclient may pass to it data normally used with the second request). Make sure the plugin returns zero (i.e. data not accepted) in such cases.
2. Method chainHandle() was used before only to bypass a key through a holder plugin. To make subj work, KeyHolder at the client side should be able to load keys from some external source and send them using the interface returned by chainHandle().
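
The first known issue above, sketched as an added example (not code from Firebird or from this ticket): a multi-step key callback that tracks which step it expects and returns zero for anything out of sequence. The method has the same parameter shape as `ICryptKeyCallback::callback()`; the class name, message tags, nonce layout and acknowledgement byte are hypothetical.

```cpp
#include <cstdint>
#include <cstring>
#include <utility>
#include <vector>

// Hypothetical two-step exchange: step 1 = tag 0x01 + 8-byte nonce,
// step 2 = tag 0x02 + the same nonce. Not a real Firebird wire format.
class TwoStepKeyCallback {
public:
    explicit TwoStepKeyCallback(std::vector<uint8_t> key) : key_(std::move(key)) {}

    // Returns the reply length; 0 means "data not accepted".
    unsigned callback(unsigned dataLength, const void* data,
                      unsigned bufferLength, void* buffer) {
        const uint8_t* in = static_cast<const uint8_t*>(data);
        if (!in || dataLength != 1 + kNonceLen)
            return reject();
        if (state_ == State::ExpectHello) {
            if (in[0] != kTagHello || !buffer || bufferLength < 1)
                return reject();               // e.g. step-2 data arriving first
            std::memcpy(nonce_, in + 1, kNonceLen);
            state_ = State::ExpectKeyRequest;
            static_cast<uint8_t*>(buffer)[0] = kAck;   // constructed step-1 reply
            return 1;
        }
        // Step 2 must carry its own tag and repeat the nonce seen in step 1.
        if (in[0] != kTagKeyRequest || std::memcmp(nonce_, in + 1, kNonceLen) != 0)
            return reject();
        if (!buffer || bufferLength < key_.size())
            return reject();
        std::memcpy(buffer, key_.data(), key_.size());
        state_ = State::ExpectHello;           // exchange complete
        return static_cast<unsigned>(key_.size());
    }

private:
    enum class State { ExpectHello, ExpectKeyRequest };
    static constexpr unsigned kNonceLen = 8;
    static constexpr uint8_t kTagHello = 0x01, kTagKeyRequest = 0x02, kAck = 0xA5;
    // Any unexpected input resets the exchange and writes nothing to the buffer.
    unsigned reject() { state_ = State::ExpectHello; return 0; }

    std::vector<uint8_t> key_;
    uint8_t nonce_[kNonceLen] = {};
    State state_ = State::ExpectHello;
};

int main() {   // constructed input: step-2 data sent first must be refused
    TwoStepKeyCallback cb(std::vector<uint8_t>{0x11, 0x22});
    uint8_t req[9] = {0x02}, out[8] = {0};
    return cb.callback(sizeof req, req, sizeof out, out) == 0 ? 0 : 1;
}
```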