StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
text
Body
copied!<p>It sounds like you are trying to implement access restrictions through encryption of each class of resource with a different key, correct?</p> <p>There doesn't seem to be a good way to implement the scheme as you describe it. Consider having the resources encrypted by a single key. You would necessarily need to expose the decrypt key to users, but if their roles change there is no way to revoke access without re-encrypting the objects with a new key, which may invalidate other users keys (not necessarily). Another, approach would be to have each user have a public key, and each resource would be encrypted against the public keys of all users with access. But objects would have to be re-encrypted to add or remove access. Your approach is only viable if role changes are rare and you don't mind re-encrypting to enforce access restrictions.</p> <p>You could consider decoupling storage encryption and protected access. A database can be encrypted in <a href="http://msdn.microsoft.com/en-us/library/cc278098.aspx" rel="nofollow noreferrer">total</a>, and the server could prompt for the key at startup (no storage). The type of access control depends what your middle layer looks like, it sounds your administrator could change roles by adding and removing database privileges (Could you elaborate on what kind of component 'Login' is? OS, DB, or custom server software login?). To transmit objects securely to remote users, use an SSH tunnel or SSL connection. In this approach, objects are encrypted on disc and during transmission and roles can be freely changed without having to re-encrypt.</p>

Querying!

Guidance

An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload