Using the External Option when Creating a SEP

From InterBase

Though an unauthorized person would not have decrypt permission for any encrypted columns, he or she might be able to bit edit the database file to artificially grant decrypt permission. The password attribute of an encryption key can mitigate this risk because the user needs the passwords as well as decrypt permission. For database-level encryption, the data would be visible immediately because only the SEP is needed to see it.

Adding the external setting to a SEP statement can make it more difficult for unauthorized users to access an encrypted database on a mobile device such as a laptop computer, or on an a poorly secured desktop computer.

alter database set system encryption password <255-character string> [external]

The external form of setting the SEP requires the first database attach to pass the isc_dpb_sys_encrypt_password parameter with the value of the password, or to set the environment variable isc_system_encrypt_password. Subsequent database attachments are not required to pass the SEP as the database server already has it in memory.

For security reasons, programs should not hardcode the SEP with isc_dpb_sys_encrypt_password but query the user, then generate this database attachment parameter dynamically. The ISC_SYSTEM_ENCRYPT_PASSWORD environment variable should never be hardcoded in scripts and if entered at the console should be unset as soon as possible.