Login ProductsSalesSupportDownloadsAbout |
Home » Technical Support » DBISAM Technical Support » Support Forums » DBISAM Client/Server » View Thread |
Messages 1 to 9 of 9 total |
Encryption types |
Sun, Mar 11 2018 7:45 PM | Permanent Link |
Graham Mylne | Hi
I was just wondering what the differences in the encryption processes are. There is RemoteEncryption and then there is the table encryption. Are they essentially the same thing its just that the table based encryption ensures the data is encrypted at rest and you can specify what tables to encrypt if you don't want them all. Is there a speed/performance difference between the two? |
Mon, Mar 12 2018 12:38 AM | Permanent Link |
Raul Team Elevate | On 3/11/2018 7:45 PM, Graham Mylne wrote:
> I was just wondering what the differences in the encryption processes are. There is RemoteEncryption and then there is the table encryption. Are they essentially the same thing its just that the table based encryption ensures the data is encrypted at rest and you can specify what tables to encrypt if you don't want them all. Yes, table encryption is encryption at rest - meaning actual on-disk table is encrypted. Remoteencryption encrypts data in transit when using client server (C/S with DBSRVR). They are independent - one can use remoteenryption to ensure network traffic is encrypted but source table itself is not encrypted. Raul |
Mon, Mar 12 2018 1:51 AM | Permanent Link |
Graham Mylne | Ok awesome thats what i need just in transit, it seems really fast still, i didnt notice any performance changes, does it require a password to work or is that just another safeguard?
|
Mon, Mar 12 2018 10:30 AM | Permanent Link |
Raul Team Elevate | On 3/12/2018 1:51 AM, Graham Mylne wrote:
> Ok awesome thats what i need just in transit, it seems really fast still, i didnt notice any performance changes, does it require a password to work or is that just another safeguard? > It does require a password to work but there is a default one specified (elevatesoft)- it's basically a shared secret type where you have to match them on server and client. Even though everything works with defaults you might want to configure this further: 1. DBSRVR has "Encryption Password" INI setting so you can change the default password on server Internally this setting : https://www.elevatesoft.com/manual?action=viewprop&id=dbisam4&product=rsdelphiwin32&version=10T&comp=TDBISAMEngine&prop=ServerEncryptionPassword 2. DBSRVR allows both plain text and encrypted connections still but you can enforce entryption using the "Encrypted Only" setting in the DBSRVR INI This setting internally: https://www.elevatesoft.com/manual?action=viewprop&id=dbisam4&product=rsdelphiwin32&version=10T&comp=TDBISAMEngine&prop=ServerEncryptedOnly 3. On client side you need to use remote session and then set the RemoteEncryption property https://www.elevatesoft.com/manual?action=viewprop&id=dbisam4&product=rsdelphiwin32&version=10T&comp=TDBISAMSession&prop=RemoteEncryption 4. Again on client side you need to set RemoteEncryptionPassword https://www.elevatesoft.com/manual?action=viewprop&id=dbisam4&product=rsdelphiwin32&version=10T&comp=TDBISAMSession&prop=RemoteEncryptionPassword In terms of performance there will be small overhead since each data block would need to be encrypted on sender and decrypted on receiver but this in most cases is not noticeable - as you observed. Raul |
Mon, Mar 12 2018 6:47 PM | Permanent Link |
Graham Mylne | Awesome response Raul, much appreciated.
|
Fri, Mar 16 2018 1:45 AM | Permanent Link |
Graham Mylne | Hi Raul
Do you know what happens when you set an encryption password and do not enforce encrypted connections? When the password is not the default password, any app that connects, including dbsys, requires a username and password but im not using an encrypted connection. |
Fri, Mar 16 2018 1:45 AM | Permanent Link |
Graham Mylne | Just not sure why it requires login credentials and fails if there is a password.
|
Fri, Mar 16 2018 7:46 AM | Permanent Link |
Raul Team Elevate | On 3/16/2018 1:45 AM, Graham Mylne wrote:
> Just not sure why it requires login credentials and fails if there is a password. Graham, Can you clarify - i'm not sure of the question. If you do not enforce encryption at the dbsrvr then client can connect either with or without encryption - it's now up to client to specify using RemoteEncryption option if it wants to use encryption. Normal username/password authentication is still used and required in both cases. Raul |
Sun, Mar 18 2018 1:49 AM | Permanent Link |
Graham Mylne | Its basically something about our transaction code, I worked out that for some reason between our start and commit transactions we are setting the connection to encrypted but we are not reconnecting. We connect without encryption on, then start a transaction, call a server side procedure, then commit and its showing as encrypted. I am not sure quite why. I dont think i will worry too much at the moment i at least know where its doing it regardless but it is fine.
|
This web page was last updated on Thursday, March 28, 2024 at 08:36 AM | Privacy PolicySite Map © 2024 Elevate Software, Inc. All Rights Reserved Questions or comments ? E-mail us at info@elevatesoft.com |