Discussion:
encrypted database dumps
(too old to reply)
Lindsey White
2006-08-02 17:21:45 UTC
Permalink
Hi all!

I seem to remember that Sybase ASE has an encryption parameter that can
be passed for a database dump, but I cannot find it. Was I dreaming, or
is this something that is only available in 15.0.1?

TIA...

Lindsey
Bret Halford
2006-08-02 20:50:55 UTC
Permalink
Probably dreaming. There is an open feature request for encrypted dumps,
CR 225720 but it isn't committed to any release.

There is the new ASE encrypted columns feature, columns that have been
encrypted using it will still be encrypted in the dump, but other columns
will not
be encrypted.

You may be thinking of the password option for DUMP DATABASE - this
does prevent the dump from being loaded without the password, but it
doesn't cause the dump itself to be encrypted - it can still be examined
using a hex editor, "strings" command, etc.

-bret
Post by Lindsey White
Hi all!
I seem to remember that Sybase ASE has an encryption parameter that can
be passed for a database dump, but I cannot find it. Was I dreaming, or
is this something that is only available in 15.0.1?
TIA...
Lindsey
Lindsey White
2006-08-03 14:54:51 UTC
Permalink
Thanks Bret...
Post by Bret Halford
Probably dreaming. There is an open feature request for encrypted dumps,
CR 225720 but it isn't committed to any release.
There is the new ASE encrypted columns feature, columns that have been
encrypted using it will still be encrypted in the dump, but other columns
will not
be encrypted.
You may be thinking of the password option for DUMP DATABASE - this
does prevent the dump from being loaded without the password, but it
doesn't cause the dump itself to be encrypted - it can still be examined
using a hex editor, "strings" command, etc.
-bret
Post by Lindsey White
Hi all!
I seem to remember that Sybase ASE has an encryption parameter that can
be passed for a database dump, but I cannot find it. Was I dreaming, or
is this something that is only available in 15.0.1?
TIA...
Lindsey
Mikhail T.
2006-08-04 23:42:49 UTC
Permalink
Post by Bret Halford
Probably dreaming. There is an open feature request for encrypted dumps,
CR 225720 but it isn't committed to any release.
I have a backup-plugin (libpipe, modeled after libcompress.so), that allows
you to send the backups into the stdin of any Unix command/pipeline.
Initially intended for facilitating using more powerful x86-based machine
for dump-compression, it can certainly be used for encrypting, or both:

dump database MEOW to 'pipe:::ccrypt -k /etc/secret
\> /dumps/MEOW.dmp.cpt'

or:

dump database MEOW to
'pipe:::bzip2 -9 \| ccrypt -k /etc/secret
\> /dump/MEOW.dmp.bz2.cpt'

and loaded back with:

load database MEOW from
'pipe:::ccat -k /etc/secret /dump/MEOW.dmp.bz2.cpt | bzcat'

(See http://quasar.mathstat.uottawa.ca/~selinger/ccrypt/ for ccrypt.)

Libpipe can also be used to dump/load directly to/from hostname:port, so you
can, for example, transfer content from one db to another (on the same or
different servers) without extra disk write/read:

isqlprompt1> load database MEOW_COPY from 'pipe::sBKHOST:5001'
[...]

isqlprompt2> dump database MEOW to 'pipe::PBKHOST:5001'
[...]

If you are interested, please, contact my off-line -- I intend to sell this
software for moderate fee per server.

The plugin is currently available for Solaris/Sparc, AIX/PowerPC,
Linux/i386, and Solaris/amd64.

-mi
--
Sybase! Release the OpenClient's source -- under any license...
Jason L. Froebe
2006-09-02 15:06:58 UTC
Permalink
Post by Mikhail T.
Post by Bret Halford
Probably dreaming. There is an open feature request for encrypted dumps,
CR 225720 but it isn't committed to any release.
I have a backup-plugin (libpipe, modeled after libcompress.so), that allows
you to send the backups into the stdin of any Unix command/pipeline.
Initially intended for facilitating using more powerful x86-based machine
dump database MEOW to 'pipe:::ccrypt -k /etc/secret
\> /dumps/MEOW.dmp.cpt'
dump database MEOW to
'pipe:::bzip2 -9 \| ccrypt -k /etc/secret
\> /dump/MEOW.dmp.bz2.cpt'
load database MEOW from
'pipe:::ccat -k /etc/secret /dump/MEOW.dmp.bz2.cpt | bzcat'
(See http://quasar.mathstat.uottawa.ca/~selinger/ccrypt/ for ccrypt.)
Libpipe can also be used to dump/load directly to/from hostname:port, so you
can, for example, transfer content from one db to another (on the same or
isqlprompt1> load database MEOW_COPY from 'pipe::sBKHOST:5001'
[...]
isqlprompt2> dump database MEOW to 'pipe::PBKHOST:5001'
[...]
If you are interested, please, contact my off-line -- I intend to sell this
software for moderate fee per server.
The plugin is currently available for Solaris/Sparc, AIX/PowerPC,
Linux/i386, and Solaris/amd64.
-mi
The only problem really with using custom build backup plugins is that
Sybase will not support them. That means, if the plugin or the other end
of the pipe has a glitch and the dump file is not loadable, Sybase really
won't be able to help you. That is why support for SQL Backtrack is
handled through BMC and not Sybase.

Just an fyi. I'm all for plugins and wish that Sybase would release more
useful information about the BackupServer API...
--
Jason L. Froebe

http://www.froebe.net/blog

http://jfroebe.livejournal.com

Team Sybase
Mikhail T.
2006-11-06 18:04:41 UTC
Permalink
Post by Jason L. Froebe
The only problem really with using custom build backup plugins is that
Sybase will not support them.  That means, if the plugin or the other end
of the pipe has a glitch and the dump file is not loadable, Sybase really
won't be able to help you.  That is why support for SQL Backtrack is
handled through BMC and not Sybase.
Why, of course! Such is the fate of ALL 3-rd party software intended to work
with a dominant player. Microsoft would "support" neither Netscape Browser
nor Norton Antivurs on Windows, for example... :-)
Post by Jason L. Froebe
Just an fyi.  I'm all for plugins and wish that Sybase would release more
useful information about the BackupServer API...
Thank you for warning -- not that it comes as any suprise. That said, I've
been doing dozens of backups per week using my plugin and restored 2-3 of
those dumps per week for the last 2 months without any trouble.

In fact, when piped into gzip, no plugin is needed to restore...

And a humble Opteron 244 is amazingly faster at compression than the poor
SPARCs and PowerPCs...

-mi
--
Sybase! Release the OpenClient's source -- under any license...
Loading...