Beefy Boxes and Bandwidth Generously Provided by pair Networks
Don't ask to ask, just ask
 
PerlMonks  

Re: collecting sensitive data

by JavaFan (Canon)
on Jul 17, 2009 at 14:38 UTC ( [id://781070]=note: print w/replies, xml ) Need Help??


in reply to collecting sensitive data

I noticed that HTTPS was mentioned by a few people. Note that HTTPS only offers a start. It's far from sufficient when it comes to the transportation. HTTPS it itself make the channel "secure" (as in, 'it takes a while to decrypt'). It doesn't authenticate either end of the channel; just the fact that I talk to you over HTTPS doesn't mean I'm entitled to your data, nor does it mean I am who I say I am.

Basically, when two parties communicate, you want to:

  • Encrypt you channel. Noone should be able to read what was send by inspecting the wire.
  • Authenticate both parties. You shouldn't send data to someone who isn't your client, and your client shouldn't accept data from someone else. No man in the middle attacks.
  • Authorize the parties. A test server from the client may be authenticated, but it's not entitled to the production data.
  • Audit trail the communication. Who logged in when. What was asked for. What was send.

In Section Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://781070]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others browsing the Monastery: (7)
As of 2024-04-25 11:24 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found