couchdb-commits mailing list archives

From Apache Wiki <wikidi...@apache.org>
Subject [Couchdb Wiki] Update of "How to add client-side security" by PeterWayner
Date Fri, 27 Mar 2009 18:45:16 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Couchdb Wiki" for change notification.

The following page has been changed by PeterWayner:
http://wiki.apache.org/couchdb/How_to_add_client-side_security

------------------------------------------------------------------------------
  
  The simplest solutions use one-way function like SHA-256 at the client to scramble the name
and password before storing the information. Here's a quick example of what a table of store
purchases might look like ''before'' the data is scrambled:
  
+ ==== Before Translucency====
+ 
  ||''name''||''password''||''product name''||''purchase date''||''size 1''||''size 2''||
  ||Bob Jones||Swordfish||Brawny Pants||Jan 24 2009||32||34||
  ||Bob Jones||Swordfish||Dancing Pants||Jan 24 2009||32||34||
+ ||Mary Smith||plastics||Broadway Hat||Jan 24 2009||10||-||
+ ||Mary Smith||plastics||Shopping Pants||Jan 25 2009||26||28||
+ ||Constance Dalmation||greeny||Shopping Pants||Jan 26 2009||25||27||
  
+ ==== After Translucency ====
+ 
+ 
+ ||''SHA256(name&password)''||''product name''||''purchase date''||''size 1''||''size
2''||
+ ||a67373bc873aacd99392||Brawny Pants||Jan 24 2009||32||34||
+ ||a67373bc873aacd99392||Dancing Pants||Jan 24 2009||32||34||
+ ||3c939a9d9939de993993||Broadway Hat||Jan 24 2009||10||-||
+ ||3c939a9d9939de993993||Shopping Pants||Jan 25 2009||26||28||
+ ||99929d99c9a999a9dd8d||greeny||Shopping Pants||Jan 26 2009||25||27||
+ 
+ 
+ This solution gives the client control of the data in the database without requiring a thick
layer on the database to test each transaction. Some advantages are:
+ 
+  * Only the client or someone with the knowledge of the name and password can compute the
value of SHA256 and recover the data.
+  * Some columns are still left in the clear, an advantage if the marketing department wants
to compute aggregated statistics.
+  * Computation of SHA256 is left to the client side computer which usually has cycles to
spare.
+  * The system prevents server-side snooping by insiders and any attacker who might penetrate
the OS or any of the tools running upon it.
+ 
+ There are limitations:
+ 
+  * There is no root password. If the person forgets their name and password, their access
is gone forever. This limits its use to databases that can continue by issuing a new user
name and password.
+ 
+ There are many variations on the theme detailed in the book [http://www.wayner.org/node/46
''Translucent Databases''] including:
+ 
+  * Adding a backdoor with public-key cryptography.
+  * Adding a second layer with steganography.
+  * Dealing with typographical errors.
+  * Mixing encryption with one-way functions.
+ 
+ Here are several case studies:
+ 
+  * [http://www.wayner.org/node/46 ''Libraries'']
+  * [http://www.wayner.org/node/21 ''Department Stores'']
+ 
