Re: Authentification vs Encryption in a system to system interface
From: Tom S. (mailjunk@woh.rr.com)
Date: 02/28/03
- Next message: Ron Ruble: "Re: Windows Explorer Alike Shell Menu Access by User"
- Previous message: Lassi Hippeläinen: "Re: Authentification vs Encryption in a system to system interface"
- In reply to: Lassi Hippeläinen: "Re: Authentification vs Encryption in a system to system interface"
From: mailjunk@woh.rr.com (Tom S.) Date: 28 Feb 2003 06:22:16 -0800
Lassi Hippeläinen <lahippel@ieee.orgies.invalid> wrote in message news:<3E5F2297.D991EB55@ieee.orgies.invalid>...
> "Tom S." wrote:
>
> > All this said, am I way out of line? If not, can anyone help me to
> > make my argument?
>
> You didn't describe your threat model. What are you afraid of? What
> would be the damage? From the threat model you can derive technical
> requirements for the VPN.
>
> -- Lassi
I'm not exactly sure how to define the threat other than to say I'm
concerned about several things, but maybe I'm most
concerned about an errant data feed becoming intertwined with one of the
"real" feeds. I suppose this could happen by accident (a developer
test gone haywire) or by more malicious means (a bad guy). Because
more than one database instance will be replicated through the same
means, it is also important that I have the ability to ensure there is
no crossover of data between various instances contained in the
feeds. I somehow need to create discretionary access controls on the
feeds -- one feed must be placed in a given directory and the other in
another directory, but I don't know how this can be done without
"logging in" to the system so that ACLs can be applied to a user ID.
Even if we use certificates for authentication (X.509?) I don't know
if that type of authentication can be rolled down to the OS so that
ACLs can be enforced. It seems like certificates are limited to
communications end-to-end authentication and don't really
authenticate to the OS or file system.
If any of these things happen, it would corrupt my database. Database
corruption is my biggest fear, not in-flight data theft, because of
encryption on the VPN. It really all comes down to authentication
of a connection to provide discretionary access controls, and can that
be done using SSL?
I hope that helps explain. Thanks.
Tom
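
An added example, not part of the original post: one way the receiving service itself could bind a verified client certificate to a single feed directory, so that a test feed or another instance's feed cannot land in the wrong place. The certificate names, directory names and function names are assumptions made for illustration, and the enforcement shown is in the application, not in OS-level ACLs.

```python
import os
import tempfile

# Hypothetical policy: verified certificate common name -> feed subdirectory.
FEED_DIRS = {
    "feed-a.example.internal": "instance_a",
    "feed-b.example.internal": "instance_b",
}

def peer_common_name(peercert):
    """Extract commonName from the dict shape returned by ssl.SSLSocket.getpeercert()."""
    for rdn in peercert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

def resolve_feed_path(peercert, filename, base_dir):
    """Return the only path this authenticated peer may write to, or raise PermissionError."""
    cn = peer_common_name(peercert)
    subdir = FEED_DIRS.get(cn)
    if subdir is None:
        raise PermissionError(f"no feed assigned to certificate subject {cn!r}")
    feed_root = os.path.realpath(os.path.join(base_dir, subdir))
    target = os.path.realpath(os.path.join(feed_root, filename))
    # Refuse names that escape the peer's own directory (e.g. "../instance_b/x").
    if os.path.commonpath([feed_root, target]) != feed_root:
        raise PermissionError(f"{cn!r} may not write outside {subdir!r}")
    return target

def demo():
    # Constructed samples in getpeercert() format; a real server would take this
    # from a TLS connection accepted with verify_mode = ssl.CERT_REQUIRED.
    cert_a = {"subject": ((("commonName", "feed-a.example.internal"),),)}
    cert_x = {"subject": ((("commonName", "dev-test.example.internal"),),)}
    base = tempfile.mkdtemp()
    results = {"ok": os.path.relpath(
        resolve_feed_path(cert_a, "batch1.dat", base), os.path.realpath(base))}
    for label, cert, name in (("cross", cert_a, "../instance_b/batch1.dat"),
                              ("unknown", cert_x, "batch1.dat")):
        try:
            resolve_feed_path(cert, name, base)
            results[label] = "allowed"
        except PermissionError:
            results[label] = "denied"
    return results

if __name__ == "__main__":
    print(demo())
```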