
Re: collecting sensitive data

by JavaFan (Canon)
on Jul 17, 2009 at 14:38 UTC ( #781070=note )


in reply to collecting sensitive data

I noticed that HTTPS was mentioned by a few people. Note that HTTPS only offers a start. It's far from sufficient when it comes to the transportation. HTTPS in itself makes the channel "secure" (as in, 'it takes a while to decrypt'). It doesn't authenticate either end of the channel; just the fact that I talk to you over HTTPS doesn't mean I'm entitled to your data, nor does it mean I am who I say I am.

Basically, when two parties communicate, you want to:

  • Encrypt your channel. No one should be able to read what was sent by inspecting the wire.
  • Authenticate both parties. You shouldn't send data to someone who isn't your client, and your client shouldn't accept data from someone else. No man-in-the-middle attacks.
  • Authorize the parties. A test server from the client may be authenticated, but it's not entitled to the production data.
  • Audit trail the communication. Who logged in when. What was asked for. What was sent.
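
The four requirements listed above, sketched as an added example that is not part of the original post: a TLS server context that requires a client certificate, followed by a separate authorization check and an audit record. The host names, the `ENTITLEMENTS` policy and all function names are hypothetical, and the sample peer certificates are constructed.

```python
import json
import ssl
import time

# Hypothetical policy: authenticated client name -> data sets it may receive.
ENTITLEMENTS = {
    "prod-app.client.example": {"production"},
    "test-app.client.example": {"test"},
}

def server_context(cert_file, key_file, client_ca_file):
    """Encrypt the channel and authenticate both ends (mutual TLS)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(cert_file, key_file)    # server proves its identity
    ctx.load_verify_locations(client_ca_file)   # CA that issues client certs
    ctx.verify_mode = ssl.CERT_REQUIRED         # no valid client cert, no handshake
    return ctx

def peer_common_name(peercert):
    """Subject CN from the dict returned by SSLSocket.getpeercert()."""
    for rdn in peercert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

def handle_request(peercert, dataset, audit_log):
    """Authorize an authenticated peer; log who asked for what and the outcome."""
    who = peer_common_name(peercert) if peercert else None
    allowed = who is not None and dataset in ENTITLEMENTS.get(who, set())
    audit_log.append(json.dumps({
        "ts": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
        "peer": who, "asked_for": dataset, "sent": allowed,
    }))
    return allowed

# Constructed sample input, shaped like getpeercert() output.
SAMPLE_PROD = {"subject": ((("commonName", "prod-app.client.example"),),)}
SAMPLE_TEST = {"subject": ((("commonName", "test-app.client.example"),),)}

if __name__ == "__main__":
    log = []
    print(handle_request(SAMPLE_PROD, "production", log))
    print(handle_request(SAMPLE_TEST, "production", log))  # authenticated, not entitled
    print("\n".join(log))
```
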
