Stories
Slash Boxes
Comments

SoylentNews is people

ZeroDB Encrypted Database Now Open Source

posted by martyb on Friday December 11 2015, @07:21AM   Printer-friendly
from the hidden-in-plain-site dept.

The Mighty Buzzard writes:

From the fine folks over at net-security.org comes this interesting announcement:

ZeroDB, an end-to-end encrypted database whose release was announced earlier this year, is now open source.

Developers MacLane Wilkison and Michael Egorov changed the license from proprietary to AGPLv3 on Monday, and invited the public to use it: "Try it, build awesome things with it, break it. Then tell us about it."

ZeroDB is based on the eponymous protocol that allows end-to-end encrypted queries, which in turn allows encrypted data to be stored on untrusted servers (e.g. in a public cloud).

[...] "In ZeroDB, the client is responsible for the database logic. Data encryption, decryption and compression also happen client side. Therefore, the server never has any knowledge about the data, its structure or order," it is explained in the documentation.

"Since the server has no insight into the nature of the data, the risk of a server-side data breach is eliminated. Even if attackers successfully infiltrate the server, they won't have access to the cleartext data," the developers pointed out.

No, NCommander, we don't need to switch databases twice in a year. Wait till 2016 at least.

Original Submission

 
This discussion has been archived. No new comments can be posted.
ZeroDB Encrypted Database Now Open Source | Log In/Create an Account | Top | 21 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by c0lo on Friday December 11 2015, @08:49AM

    by c0lo (156) Subscriber Badge on Friday December 11 2015, @08:49AM (#274887) Journal

    However, the problem gets worse. Let's assume for the moment that net access applies to anyone using the site because its part of our stack

    The moment the system architecture says "only the client connects to the DB in a meaningful way", then there is no stack - it's a two tier client server application, no matter how many dumb proxies on the way; yes, anything on they way is dumb if...

    "In ZeroDB, the client is responsible for the database logic. Data encryption, decryption and compression also happen client side. Therefore, the server never has any knowledge about the data, its structure or order," it is explained in the documentation.

    If you think of it, this is as dumb as XBase/MSAccess... sorta MSAccess database file stored in the cloud and accessed remotely, eh?

    (just in case anyone reading is too young to even know what's Xbase [wikipedia.org] about: dBase [wikipedia.org], FoxPro [wikipedia.org], Clipper [wikipedia.org])

    --
    https://www.youtube.com/@ProfSteveKeen https://soylentnews.org/~MichaelDavidCrawford
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 2) by NCommander on Friday December 11 2015, @09:06AM

    by NCommander (2) Subscriber Badge <michael@casadevall.pro> on Friday December 11 2015, @09:06AM (#274891) Homepage Journal

    I was just referring to the license, not its technical merits. I haven't even looked at the thing, the license alone makes it a complete non-starter. To be fair, Access is a fancy frontend to JetDB, which was meant to be used in a manner similar to SQLite is today; it just happens a lot of people used it for things that it wasn't meant for. You can open MDB files in anything that can speak Jet; there are standard ODBC modules for it.

    --
    Still always moving