Adam,

<< In EDB, I'm a little stuck on how best to achieve this. I notice an
option to 'Encrypt Table On Disk', but there's no option anywhere to
actually specify the password. >>

The encryption password is controlled via the TEDBEngine.EncryptionPassword
property, and all encryption in the engine (disk/comms) is handled using the
same password.  The general idea is that the purpose is for encryption, not
for user security.  EDB has its own complete user security model for that,
which DBISAM lacked:

http://www.elevatesoft.com/manual?action=viewtopic&id=edb2sql&topic=User_Security

If you have any other questions, please let me know.

Tim Young
Elevate Software
www.elevatesoft.com

Uli,

<< I talked about that with Tim quite often and asked him to simplify that -
at the moment it seems that he has not the time to change something. >>

I've got this logged.  At the moment I'm re-doing the entire EDB
reverse-engineering so that it is dependency-aware, and have been working on
this for the last few weeks.  The problem that I've got now with EDB is that
most of the remaining issues/enhancements are the most difficult problems to
solve and are absolute time-killers, so I'm working through them as fast as
possible.

Tim Young
Elevate Software
www.elevatesoft.com

Tim

>The problem that I've got now with EDB is that
>most of the remaining issues/enhancements are the most difficult problems to
>solve and are absolute time-killers,

and doesn't it get frustrating working for ages before you see anything happening?

Roy Lambert

Roy,

> I haven't tried that. Have you? If you're right its something that
would be easy enough to do programmatically.

Yes, I did that before. In addition I tried it again with a small sample
database just before posting here.

Uli

Uli


>Yes, I did that before. In addition I tried it again with a small sample
>database just before posting here.


Brill. I've added your post to the tips.

Roy Lambert

Tim,

> The problem that I've got now
> with EDB is that most of the remaining issues/enhancements are the most
> difficult problems to solve and are absolute time-killers, so I'm
> working through them as fast as possible.

I see, no problem. Don't feel pushed, please.

Regards Uli

Hi Tim,

> The encryption password is controlled via the
> TEDBEngine.EncryptionPassword property, and all encryption in the engine
> (disk/comms) is handled using the same password.  The general idea is
> that the purpose is for encryption, not for user security.  EDB has its
> own complete user security model for that, which DBISAM lacked:
>
> http://www.elevatesoft.com/manual?action=viewtopic&id=edb2sql&topic=User_Security

Thanks very much for that. The User_Security in EDB may be different to
the user security that I'm chasing. Yours seems to be more related to
database functions (as I'd expect).

What I'm wanting to do is have a table that stores a list of staff
members, and what roles they're allowed to do. (In many cases not
database related). Such as which reports they can access, controlling
external switches, what areas of the program they can and can't access,
etc).

I think the encryption will work fine for what I'm wanting to do.
(Effectively encrypt a table called 'staff' that contain their username,
a password, and the areas of the application that they have rights to).

The roles in EDB do look quite interesting though, and may be useful
down the track to ensure that only certain users have access to certain
tables within the system depending on 'roles'.

Cheers

Adam.

Uli,

> To change the password, this should work:
>
> Note that the password is stored in the edbmgr ini-file like Roy already
> mentioned.
> Use the config-file only for your encrypted database.
>
> 1. Disable the encryption of all tables.
> 2. Delete the config-file.
> 3. Create a new session (thus a new config-file), but do NOT open it.
> 4. Edit the edmgr ini-file and change the password(s) to the desired
> value(s).
> 5. Open the session.
> 6. Create a new database and connect it to the folder that contains your
> (unencrypted) tables.
> 7. Encrypt the tables again.

Thanks very much! I like to know that I've got an 'out'. (I made a small
mistake of once using the Signature in DBISam and now want to remove it,
but it doesn't look like I can do it efficiently - as the table includes
BLOB's that can't be reversed engineered using SQL).

Handy to know what you've posted. Thank you!

Cheers

Adam

Hi Roy,

>> In regards to encryption - would I be fine in simply setting a password
>> for both my application, and also EDB Manager to the same. (Like
>> 'myPassword' and have it global for all my applications.)
>>
>> I figure this way it would allow me to view, but only me (or the
>> application), and get around anyone else who downloads EDBManager?
>
> It will as long as no one else guesses the encryption password. Remember this has to be given to the engine/session in your app so it will have to be stored somewhere (the sneakier the better).

I'm guessing this is the more similar to DBISam then, in that it's fine
unless someone also guesses the table's password.

Thanks for taking the time out to help me (one again) Roy.

Cheers

Adam

Adam


I think the type of access control that's built into ElevateDB is really intended for those databases where multiple different applications not all necessarily under the control of the same developer can access it. When you have that you pretty much need to bake some sort of control into the database.

Desktop apps (even when shared) are generally under the control of a single developer and hence don't benefit as much from this approach.

Just one persons view.

Roy Lambert