Stories
Slash Boxes
Comments

SoylentNews is people

ZeroDB Encrypted Database Now Open Source

posted by martyb on Friday December 11 2015, @07:21AM   Printer-friendly
from the hidden-in-plain-site dept.

The Mighty Buzzard writes:

From the fine folks over at net-security.org comes this interesting announcement:

ZeroDB, an end-to-end encrypted database whose release was announced earlier this year, is now open source.

Developers MacLane Wilkison and Michael Egorov changed the license from proprietary to AGPLv3 on Monday, and invited the public to use it: "Try it, build awesome things with it, break it. Then tell us about it."

ZeroDB is based on the eponymous protocol that allows end-to-end encrypted queries, which in turn allows encrypted data to be stored on untrusted servers (e.g. in a public cloud).

[...] "In ZeroDB, the client is responsible for the database logic. Data encryption, decryption and compression also happen client side. Therefore, the server never has any knowledge about the data, its structure or order," it is explained in the documentation.

"Since the server has no insight into the nature of the data, the risk of a server-side data breach is eliminated. Even if attackers successfully infiltrate the server, they won't have access to the cleartext data," the developers pointed out.

No, NCommander, we don't need to switch databases twice in a year. Wait till 2016 at least.

Original Submission

 
This discussion has been archived. No new comments can be posted.
ZeroDB Encrypted Database Now Open Source | Log In/Create an Account | Top | 21 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 4, Informative) by Anonymous Coward on Friday December 11 2015, @01:26PM

    by Anonymous Coward on Friday December 11 2015, @01:26PM (#274953)

    Evidence that you're misreading:

    GPLv3, [www.gnu.de] section 5, last paragraph

    A compilation of a covered work with other separate and independent works, which are not by their nature extensions of the covered work, and which are not combined with it such as to form a larger program, in or on a volume of a storage or distribution medium, is called an “aggregate” if the compilation and its resulting copyright are not used to limit the access or legal rights of the compilation's users beyond what the individual works permit. Inclusion of a covered work in an aggregate does not cause this License to apply to the other parts of the aggregate.

    So the license states quite explicitly that the license does not apply to other parts of a distribution which are independent of the covered work (i.e. the GPLv3-licensed code). Of course if the license does not apply, then this is true for any clause of the license, including the patent clause.

    In short: If you distribute a GPLv3 GCC with your OS, then the rest of the OS will not automatically be covered by the GPL, except for code that makes explicit use of GCC's code.

    Now if you compile with GCC, other considerations come into play, because the compiled code explicitly contains code from the GCC runtime library. However, that library contains the following exception:

    You have permission to propagate a work of Target Code formed by combining the Runtime Library with Independent Modules, even if such propagation would otherwise violate the terms of GPLv3, provided that all Target Code was generated by Eligible Compilation Processes. You may then convey such a combination under terms of your choice, consistent with the licensing of the Independent Modules.

    See https://www.gnu.org/licenses/gcc-exception-3.1-faq.en.html [gnu.org] for details.

    Starting Score:    0  points
    Moderation   +4  
       Insightful=1, Informative=3, Total=4
    Extra 'Informative' Modifier   0  
    Total Score:   4