Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enable delivery of known to the client key to any connection to the server [CORE6220] #6464

Closed
firebird-automations opened this issue Jan 9, 2020 · 3 comments

Comments

@firebird-automations
Copy link
Collaborator

Submitted by: @AlexPeshkoff

In some cases it's necessary to run standard utilities (like gfix) or services tasks against encrypted database on remote server. When database key is known to the client there are no security issues with using that key in any attachment tot database including standard utilities.

Commits: 0453bbe

@firebird-automations
Copy link
Collaborator Author

Modified by: @AlexPeshkoff

assignee: Alexander Peshkov [ alexpeshkoff ]

@firebird-automations
Copy link
Collaborator Author

Commented by: @AlexPeshkoff

Existing plugins should be checked before used with this new feature. Although no new methods are added existing one may be called in a sequence not used before.
There are 2 known issues:
1. If key transfer is performed in a multi-step way sequence of that calls may be wrong (as a simple example - when first request from server is expected by plugin fbclient may pass to it data normally used with second request). Make sure plugin returns zero (i.e. data not accepted) in such cases.
2. Method chainHandle() was used before only to bypass a key through holder plugin. To make subj work KeyHolder at the client side should be able to load keys from some external source and sent them using interface returned by chainHandle().

@firebird-automations
Copy link
Collaborator Author

Modified by: @AlexPeshkoff

status: Open [ 1 ] => Resolved [ 5 ]

resolution: Fixed [ 1 ]

Fix Version: 4.0 Beta 2 [ 10888 ]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants