I have just finished(?) a project which will contain sensitive information.
I have been trying to make sure that the sensitive data is protected.
When running the disk the data is on will be encrypted, and I will turn on
encrypted data communication between 4D client and server. Data encryption in
the 4D system is done with 2048 size key pairs.
To this end - to protect the sensitive data, I am asking 3 hypothetical
questions regarding nefarious attempts to access the data.
1 - given a **ONLY** a 4D data file, with only the knowledge that the data you
want is encrypted inside the data file:
How do you go about accessing in some usable manner (decrypting) the encrypted
data?
2 - given the datafile in 1 above **AND** a compiled copy of the structure, You
do NOT know any (4D password system) user passwords:
what do you do in addition to and/or differently from above?
3 - given # 2 above, and you know 1 user level (no access to design or 'user'
modes) access password (yours):
what do you do in addition to and/or differently from above?
for #2 and #3
- When using the system, you are only able to see records belonging to you.
- If by some chance you got access to a different user's record(s), under your
login, there is code in place to reject viewing the record details, and the
information you want (encrypted data) is NOT visible in the record listing(s).
Thanks for playing along.
I hope I have thought of everything. :)
Chip
------------
Hell is other people
Jean-Paul Sartre
**********************************************************************
4D Internet Users Group (4D iNUG)
Archive: http://lists.4d.com/archives.html
Options: https://lists.4d.com/mailman/options/4d_tech
Unsub: mailto:[email protected]
**********************************************************************
