Product Documentation

FairCom DB Standalone SQL Service

Advanced File Encryption

FairCom DB Standalone and FairCom DB Standalone SQL Service support encryption of data, index, and transaction log files. This technology provides the means to add an extra level of confidentiality to an application’s data. Once the files are encrypted, it becomes difficult for a user to "dump" or "inspect" the data.

Advanced File Encryption includes a suite of protocols that protect user data with what is loosely called "strong encryption", at the cost of a certain amount of performance overhead. Historically, enabling encryption impacted database performance; however, with modern hardware, the impact of data encryption is approaching negligible levels for most applications.

The algorithms and protocols used are based on three primitives:

  • Secure One-Way Hash Function (MD5)
  • Block Ciphers (DES and AES)
  • Pseudo-Random Number Generators

When advanced encryption is enabled, FairCom DB Standalone SQL Service prompts for a master password at startup by default. For high availability, options are available to use a local key store file to maintain and verify the master password. The system administrator may encrypt existing files using the ctcv67 utility.

Developers can also use the FairCom DB Server SDK to replace this prompt with an application-specific method of retrieving the master password.

Note: Prior to enabling advanced encryption, understand that there is no practical way to recover encrypted data without knowing the master password that was used to encrypt it. This applies to backed-up data as well as live data. If a master password is changed, be sure to retain the old master password for any backups that may still be encrypted with it.
