Re: Secure Database Systems
From: Matthias Scheller (schellem_at_student.ethz.ch)
Date: 07/09/04
- Next message: jagg: "Sort-Problem"
- Previous message: michel: "Re: why doesn't this work? - using && with an IF statement"
- In reply to: Sarah Tanembaum: "Secure Database Systems"
- Next in thread: Randy Lawrence: "Re: Secure Database Systems"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Fri, 09 Jul 2004 11:53:18 +0200
Sarah Tanembaum schrieb:
> I was wondering if it is possible to create a secure database system
> using RDBMS(MySQL, Oracle, SQL*Server, PostgreSQL etc) and web
> scripting/programming language(Perl, PHP, Ruby, Java, ASP, etc) combination?
>
> I have the following in mind:
>
> I wanted to store all my( and my brothers and sisters) important
> document
> information such as birth certificate, SSN, passport number, travel
> documents, insurance(car, home, etc) document, and other important
> documents
> imagined in the database.
Store the information in a filesystem (accessible via https://), the
metainformation (catalogue) in a database which delivers as result a
link (for example a weblink). The link may be a script which delivers
the actual content (use include() in php) after checking the authorization
>
> The data will be entered either manually and/or scanned(with OCR). I
> need to
> be able to search on all the fields in the database.
>
> We have 10 computers(5bros, 4sisters, and myself) plus 1 server with I
> maintained. The data should be synchronize/replicate between those
> computers.
>
> Well, so far it is easy, isn't it?
>
> Here's my question:
>
> a) How can I make sure that it secure so only authorized person can
> modify/add/delete the information? Beside transaction logs, are there
> any
> other method to trace any transaction(kind of paper trail)?
If you are going to replicate between several databases, any member of
the family may have access to all data (if they are able), so I suppose
transaction is more an informal process (Who has added information in
case of further questions ?)
>
> Assuming there are 3 step process to one enter the info e.g:
> - One who enter the info (me)
> - One who verify the info(the owner of info)
> - One who verify and then commit the change!
> How can I implement such a process in RDBMS and/or PHP or any other web
> language?
The problem is again, that the one person who administrates the whole
lot could do anything she / he liked. Normally, secret sharing uses the
fact, that a system of equations is defined by exactly the amount of its
variables.
>
> b) How can I make sure that no one can tap the info while we are
> entering
> the data in the computer? (our family are scattered within US and
> Canada)
Search the web for secure copy, secure socket layer (SSL) etc.
>
> c) Is it possible to securely synchronize/replicate between our
> computers
> using VPN? Does RDBMS has this functionality by default?
VPN just gives you the same thing as if in a phone network, everyone
would have the same number range while living at different places.
Look after IPSEC
>
> d) Other secure method that I have not yet mentioned.
>
> Anyone has good ideas on how to implement such a systems?
a lot of time will help...
>
> Thanks
>
>
>
- Next message: jagg: "Sort-Problem"
- Previous message: michel: "Re: why doesn't this work? - using && with an IF statement"
- In reply to: Sarah Tanembaum: "Secure Database Systems"
- Next in thread: Randy Lawrence: "Re: Secure Database Systems"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
