Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Postfix (mostly comments & documentation) for core-5472
- Loading branch information
1 parent
a5f73c5
commit 2df9f4f
Showing
4 changed files
with
89 additions
and
20 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,39 @@ | ||
All files in this directory are trivial samples. | ||
They do not perform any real data encryption and should not be used in production! | ||
************************************************************************************** | ||
* All files in this directory are trivial samples. * | ||
* They do not perform any real data encryption and should not be used in production! * | ||
************************************************************************************** | ||
|
||
Brief description of the sample. | ||
|
||
Sample contains 3 components - DbCrypt plugin, KeyHolder plugin and application, which can pass | ||
crypt key to server. Plugins do not perform any real encryption (XOR with single byte hardly can | ||
be treated as encryption though makes database useless without crypt plugin), key is sent between | ||
components in plain form - they just demonstrate what calls in plugins should be done and what | ||
methods should be implemented in order for plugin to start to work. | ||
|
||
Depending upon settings in configuration file plugins may use different ways to manage encryption | ||
key. DbCrypt's configuration file may contain following parameters: | ||
Auto - boolean value, when FALSE plugin queries KeyHolder plugin for key value (this is default), | ||
when TRUE get key value from "Value" configuration parameter. | ||
Value - integer value (lower byte is actually used), used in "Auto" mode as key value (default 90). | ||
|
||
CryptKeyHolder's configuration file may contain following parameters: | ||
Auto - boolean value, when FALSE plugin queries client application for key value (this is default), | ||
when TRUE get key value from configuration file by name or use default (90) for unnamed key. | ||
Key{Name} - integer value, a key with name "Name" (i.e. when one issues "ALTER DATABASE ENCRYPT ... | ||
KEY Doggy" configuration parameter KeyDoggy should be present). | ||
OnlyOwnKey - boolean value, enables/disables use of a key from another key holder in SuperServer. | ||
Default value is TRUE (i.e. only key, owned by this KeyHolder, can be used by related | ||
attachment). | ||
|
||
Crypt application has a few parameters making it possible to demonstrate different operations. | ||
-e - Encrypt database (use gstat to monitor crypt progress). | ||
-d - Decrypt database. | ||
-l - Locally execute SELECT statement returning name of currently attached user. | ||
-r - Execute same statement using remote datasource 'localhost:employee'. To make it work | ||
user "test" with password "test" should be created in employee database. If employee was | ||
encrypted in advance this demonstrates passing database crypt key through the chain of | ||
key holders. | ||
|
||
cryptDb.pas is a minimum (XOR using fixed key hardcoded in plugin body) sample of database crypt | ||
plugin written on Pascal. Was tested with both FreePascal and Delphi. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters