From: "Stanley Styszynski"
To: "Derby Discussion" <derby-user@db.apache.org>
Subject: Re: Users authentication - design problem
Date: Thu, 31 May 2007 21:09:02 +0200
Message-ID: <3e420d300705311209o156dc412ja152eb7e882fcdb7@mail.gmail.com>
In-Reply-To: <1180589062.11288.20.camel@localhost>
References: <3e420d300705301142w6f5d7c73r6f2d6c459d604426@mail.gmail.com> <1180589062.11288.20.camel@localhost>

Hello again,

First of all, thanks to everybody for posting these ideas and thoughts.

Maybe I will give some more pieces of information about my application:
My application will be able to upload meter and insulin dosing data and generate charts to help identify patterns. So, users will be adding, modifying and removing their results. There will be a possibility of importing/exporting data, printing reports and so on. I am not taking into account that there could be any central server. Everything must be stored on the user's desktop.

What I want to achieve is a multiuser application in which one user should not have access to other users' data. This is the main goal. What is more, I would like to secure the data as much as I can. I have planned to use built-in authentication and encryption. Maybe I should use something different. While built-in authentication seems rather ok, encryption can cause problems (as some of you pointed out).

I like the idea of having a generic user and a root user. The root user could (as I have planned) be generated dynamically, and only this user could have rights to modify data. The generic user could only read data, and once he is authenticated, the application could dynamically "log in" the secret root user (his username and password would be secret to the generic user and stored encrypted in a table). In this situation, even if the database was moved somewhere or the application was not available, the generic user would always have access to his data and could export it to a working copy of the application. Am I right? Any more suggestions?

By the way: it will be an open-source application. Later on I plan to create (with volunteers) server-side application to be installed in hospitals and medical centers.

Regards,

Stanley

On 5/31/07, m96 <m96@gmx.li> wrote:
> hi,
>
> a few thoughts...
> I don't think that any of your users have the knowledge to copy and boot
> the database, or the intention to change the data in your database,
> therefore you could just create a jar file and embed it. and when your
> application does not support modifications on the database then you are
> safe.
>
> on the other side I can understand your need for access restriction if
> your application must be GxP compliant and so you need to prove that
> no-one has changed the data in your db. so the idea would be creating a
> generic user and root user. the generic user with a std pwd that is
> publicly known (also to the application itself) could read the data,
> and only root could modify the data.
>
> encryption makes only sense if you keep the boot pwd secret, which won't
> be the case in your situation.
>
> cheers...
>
>
> On Wed, 2007-05-30 at 20:42 +0200, Stanley Styszynski wrote:
> > Hello,
> >
> > My name is Stanley and I'm working on an application which will offer
> > the opportunity to simulate the effects of changes in insulin and diet on
> > the blood glucose profile of a diabetic patient. It will be a
> > multiuser, desktop application with Apache Derby inside.
> >
> > I would not like to grant any of the users the administrative
> > privileges. Every user (added using a special form in my application)
> > should be equal. No one should be able to see or modify other users'
> > results or database settings. I plan to dynamically create a root user
> > (when my application is launched for the first time). Root's user
> > name and password will be created dynamically (current time multiplied
> > by a random value and SHA-256). This data will be stored in a separate
> > text file (encrypted) and its content will be read by the application
> > to enable adding new users. I plan to encrypt the database so only my
> > application will be able to boot it.
> > Then the application itself will be controlling access to the appropriate
> > pieces of data. It should be easy when we take into account that my
> > application is using the built-in driver (no network connection at all,
> > the database is integrated with the application).
> >
> > Is this solution good? Maybe there are others who encountered such a
> > "problem" and could share their knowledge?
> >
> > Regards,
> >
> > Stanley
> >


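As an added example that is not part of this thread and not Derby's own code, the following shows how the design discussed above (a shared read-only generic user, a generated root user whose credentials only the application holds, and an encrypted embedded database) can be set up with Derby's BUILTIN authentication and database-level connection modes, together with a check that the generic user really is refused a write. It assumes Derby 10.2 or later on the classpath; the directory name `glucose.db`, the boot password, the user names `root` and `generic`, and the `readings` table are placeholders chosen for the example.

```java
// Added example: "generic reads, secret root writes" on an encrypted embedded Derby database.
// Not from the mailing-list thread or the Derby project. Assumes Derby 10.2+ (derby.jar and,
// for 10.15+, derbyshared.jar) on the classpath; the embedded driver is autoloaded by JDBC 4.
import java.security.SecureRandom;
import java.sql.CallableStatement;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class DerbyReaderWriterSplit {
    static final String DB_DIR = "glucose.db";               // placeholder database directory
    static final String BOOT_PW = "change-me-bootpassword";  // placeholder; Derby requires >= 8 chars

    public static void main(String[] args) throws SQLException {
        String rootPw = randomSecret();   // generated on first launch, kept by the application only
        String genericPw = "reader";      // shared password, effectively public (m96's point)

        // Step 1: create the database encrypted and configure users and access modes. No
        // authentication is required on this first boot, so this connection is anonymous.
        try (Connection c = DriverManager.getConnection("jdbc:derby:" + DB_DIR
                + ";create=true;dataEncryption=true;bootPassword=" + BOOT_PW)) {
            setProperty(c, "derby.connection.requireAuthentication", "true");
            setProperty(c, "derby.authentication.provider", "BUILTIN");
            setProperty(c, "derby.user.root", rootPw);
            setProperty(c, "derby.user.generic", genericPw);
            setProperty(c, "derby.database.defaultConnectionMode", "noAccess"); // unknown users: denied
            setProperty(c, "derby.database.fullAccessUsers", "root");
            setProperty(c, "derby.database.readOnlyAccessUsers", "generic");
            setProperty(c, "derby.database.propertiesOnly", "true"); // system properties cannot loosen this
            try (Statement s = c.createStatement()) {
                s.executeUpdate("CREATE TABLE readings(patient VARCHAR(64) NOT NULL, "
                        + "taken TIMESTAMP NOT NULL, glucose INT NOT NULL)");
            }
        }
        shutdown(rootPw);   // some of these properties are static and apply on the next boot

        // Step 2: the application boots the database as the generic user. Only the connection
        // that boots an encrypted database has to present the boot password.
        try (Connection reader = DriverManager.getConnection("jdbc:derby:" + DB_DIR
                + ";bootPassword=" + BOOT_PW + ";user=generic;password=" + genericPw)) {
            System.out.println("generic can write: " + canInsert(reader, "alice"));

            // Step 3: once the application has authenticated the person, it opens a second
            // connection as the secret root user and performs the change on their behalf.
            try (Connection writer = DriverManager.getConnection("jdbc:derby:" + DB_DIR
                    + ";user=root;password=" + rootPw)) {
                System.out.println("root can write: " + canInsert(writer, "alice"));
            }
            // Per-patient isolation is the application's job: Derby's connection modes are
            // database-wide, so every query must filter by the authenticated patient.
            System.out.println("rows visible to alice: " + countReadings(reader, "alice"));
            System.out.println("rows visible to bob:   " + countReadings(reader, "bob"));
        }
        shutdown(rootPw);
    }

    static void setProperty(Connection c, String key, String value) throws SQLException {
        try (CallableStatement cs = c.prepareCall(
                "CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(?, ?)")) {
            cs.setString(1, key);
            cs.setString(2, value);
            cs.execute();
        }
    }

    /** True if the INSERT succeeded; false if Derby refused it because the user is read-only. */
    static boolean canInsert(Connection c, String patient) throws SQLException {
        try (PreparedStatement ps = c.prepareStatement(
                "INSERT INTO readings(patient, taken, glucose) VALUES (?, CURRENT_TIMESTAMP, ?)")) {
            ps.setString(1, patient);
            ps.setInt(2, 112);   // constructed sample value, mg/dL
            ps.executeUpdate();
            return true;
        } catch (SQLException e) {
            if ("25502".equals(e.getSQLState())) {   // data change not permitted for a read-only user
                return false;
            }
            throw e;
        }
    }

    static int countReadings(Connection c, String patient) throws SQLException {
        try (PreparedStatement ps = c.prepareStatement(
                "SELECT COUNT(*) FROM readings WHERE patient = ?")) {
            ps.setString(1, patient);
            try (ResultSet rs = ps.executeQuery()) {
                rs.next();
                return rs.getInt(1);
            }
        }
    }

    /** Derby reports a successful database shutdown by throwing SQLState 08006. */
    static void shutdown(String rootPw) {
        try {
            DriverManager.getConnection("jdbc:derby:" + DB_DIR
                    + ";shutdown=true;user=root;password=" + rootPw);
        } catch (SQLException e) {
            if (!"08006".equals(e.getSQLState())) {
                throw new IllegalStateException("shutdown failed: " + e.getSQLState(), e);
            }
        }
    }

    /** 256 bits from SecureRandom, hex-encoded: the generated root password. */
    static String randomSecret() {
        byte[] raw = new byte[32];
        new SecureRandom().nextBytes(raw);
        StringBuilder sb = new StringBuilder(64);
        for (byte b : raw) sb.append(String.format("%02x", b));
        return sb.toString();
    }
}
```

Running this prints `generic can write: false`, `root can write: true`, one row for alice and none for bob. Two caveats worth keeping in mind with this layout. First, `readOnlyAccessUsers` is database-wide: the generic user can SELECT from every table, including one that holds the encrypted root credentials, so root's secrecy rests entirely on whatever key the application uses to decrypt them, and an open-source desktop application cannot hide that key from the person running it, just as m96 notes for the boot password. Per-table restrictions would need Derby's SQL authorization (`derby.database.sqlAuthorization=true`, available from 10.2) with GRANT/REVOKE. Second, the split therefore stops modification from outside the application, not reading by whoever has the application and the database files; isolation between patients lives in the application's own `WHERE patient = ?` filter, as shown.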