从 Delphi7 安全地即时加密和压缩 FirebirdSQL 2.5 备份
Encrypt and compress a FirebirdSQL 2.5 backup on-the-fly from Delphi7 securely
我们需要保护客户数据并使用 FirebirdSQL 2.5(.8) 和 Delphi 7.
此外,如果 "master" 失败,则必须在 "secondary" PC 或笔式驱动器上进行定期备份。
为此我们使用了 this 方法,用 stdin/out 调用 Gbak.exe 和 7z.exe。
意识到这是一个坏主意,因为在此过程中很容易看到添加到命令行的参数(密码),即使使用简单的任务管理器也是如此。
有没有更安全的方法?
(使用标准的 Interbase 组件或 UIB)
升级到 Firebird 3,它使用 STDOUT 选项从您的应用程序中添加了 Database Encryption capability. If you don't want or cannot, I believe you might run the GBAK 工具,但您可以在您的文件中读取该输出而不是使用 7-zip 进行压缩应用程序,并通过一些加密库即时加密此类输入。
我相信您可能会在此处 (here is something related to start with) 找到许多如何 运行 一个应用程序并阅读其标准输出的示例,因此剩下的可能是关于寻找一种动态的方法流加密。或者只是在一个流中捕获 STDOUT 并在另一个流中进行加密。
SQL.ru 论坛上的 Firebird 人员说,实际上可以使用服务 API 远程获取备份流。
但这并不意味着 IBX 或 UIB 或任何其他库随时支持它。也许是,也许不是。
他们建议阅读 Firebird 2.5.2 的发行说明 或 doc\README 的第 4 部分。services_extension.txt Firebird 2.5.2+ 安装文件。
以下是后者的一小段摘录:
The simplest way to use this feature is fbsvcmgr. To backup database
run approximately the following:
fbsvcmgr remotehost:service_mgr -user sysdba -password XXX action_backup -dbname some.fdb -bkp_file stdout >some.fbk
and to restore it:
fbsvcmgr remotehost:service_mgr -user sysdba -password XXX action_restore -dbname some.fdb -bkp_file stdin <some.fbk
Please notice - you can't use "verbose" switch when performing backup
because data channel from server to client is used to deliver blocks
of fbk files. You will get appropriate error message if you try to do
it. When restoring database verbose mode may be used without
limitations.
If you want to perform backup/restore from your own program, you
should use services API for it. Backup is very simple - just pass
"stdout" as backup file name to server and use isc_info_svc_to_eof in
isc_service_query() call. Data, returned by repeating calls to
isc_service_query() (certainly with isc_info_svc_to_eof tag) is a
stream, representing image of backup file.
Restore is a bit more tricky. Client sends new spb parameter
isc_info_svc_stdin to server in
isc_service_query(). If service needs some data in stdin, it returns
isc_info_svc_stdin in query results, followed by 4-bytes value -
number of bytes server is ready to accept from client. (0 value means
no more data is needed right now.) The main trick is that client
should NOT send more data than requested by server - this causes an
error "Size of data is more than requested". The data is sent in next
isc_service_query() call in the send_items block, using
isc_info_svc_line tag in traditional form: isc_info_svc_line, 2 bytes
length, data. When the server needs next portion, it once more returns
non-zero isc_info_svc_stdin value from isc_service_query().
A sample of how services API should be used for remote backup and
restore can be found in source code of fbsvcmgr.
我们需要保护客户数据并使用 FirebirdSQL 2.5(.8) 和 Delphi 7.
此外,如果 "master" 失败,则必须在 "secondary" PC 或笔式驱动器上进行定期备份。
为此我们使用了 this 方法,用 stdin/out 调用 Gbak.exe 和 7z.exe。
意识到这是一个坏主意,因为在此过程中很容易看到添加到命令行的参数(密码),即使使用简单的任务管理器也是如此。
有没有更安全的方法?
(使用标准的 Interbase 组件或 UIB)
升级到 Firebird 3,它使用 STDOUT 选项从您的应用程序中添加了 Database Encryption capability. If you don't want or cannot, I believe you might run the GBAK 工具,但您可以在您的文件中读取该输出而不是使用 7-zip 进行压缩应用程序,并通过一些加密库即时加密此类输入。
我相信您可能会在此处 (here is something related to start with) 找到许多如何 运行 一个应用程序并阅读其标准输出的示例,因此剩下的可能是关于寻找一种动态的方法流加密。或者只是在一个流中捕获 STDOUT 并在另一个流中进行加密。
SQL.ru 论坛上的 Firebird 人员说,实际上可以使用服务 API 远程获取备份流。 但这并不意味着 IBX 或 UIB 或任何其他库随时支持它。也许是,也许不是。
他们建议阅读 Firebird 2.5.2 的发行说明 或 doc\README 的第 4 部分。services_extension.txt Firebird 2.5.2+ 安装文件。
以下是后者的一小段摘录:
The simplest way to use this feature is fbsvcmgr. To backup database run approximately the following:
fbsvcmgr remotehost:service_mgr -user sysdba -password XXX action_backup -dbname some.fdb -bkp_file stdout >some.fbk
and to restore it:
fbsvcmgr remotehost:service_mgr -user sysdba -password XXX action_restore -dbname some.fdb -bkp_file stdin <some.fbk
Please notice - you can't use "verbose" switch when performing backup because data channel from server to client is used to deliver blocks of fbk files. You will get appropriate error message if you try to do it. When restoring database verbose mode may be used without limitations.
If you want to perform backup/restore from your own program, you should use services API for it. Backup is very simple - just pass
"stdout"as backup file name to server and useisc_info_svc_to_eofinisc_service_query()call. Data, returned by repeating calls toisc_service_query()(certainly withisc_info_svc_to_eoftag) is a stream, representing image of backup file.Restore is a bit more tricky. Client sends new spb parameter
isc_info_svc_stdinto server inisc_service_query(). If service needs some data instdin, it returnsisc_info_svc_stdinin query results, followed by 4-bytes value - number of bytes server is ready to accept from client. (0 value means no more data is needed right now.) The main trick is that client should NOT send more data than requested by server - this causes an error"Size of data is more than requested". The data is sent in nextisc_service_query()call in thesend_itemsblock, usingisc_info_svc_linetag in traditional form:isc_info_svc_line, 2 bytes length, data. When the server needs next portion, it once more returns non-zeroisc_info_svc_stdinvalue fromisc_service_query().A sample of how services API should be used for remote backup and restore can be found in source code of
fbsvcmgr.