First off, with cfmx you can use his java code in a cfc and make
functions that play with them. Although most of his code makes extensive
use of mysql functions (decode/encode/md5) and the like. Chapter 3 and 5
go into beginner one way stuff. In those chapters of the book he uses a
lot of md5, which is a one-way hash, i.e., if you md5 it, forget it. All
that value is useful for now is lookup and pattern/trending. You should
never get the original from the md5 crypt, because there is no decrypt
function. Later he goes on to talk about public key crypto. This is not
a tutorial on pki, but an implementation of the ideas of pki. Chapter 4
is helpful to the beginner in pki. The book goes on to much more
complicated variations on the themes found in ch 3-5. 

Remember this book is not displaying some new technology. It simply uses
java and mysql as the main engines of implementing more secure
'translucent' application design. Use the examples as just that:
examples. If this book was written using cf and sql2k as the engines,
the ideas would be the same but the example code would be different.
Imagine the java code as cf functions/cfcs; he basically uses all that
java code to do routine things. Things like string manipulation, query
compilation and execution, variable validation, and math. All things a
cf programmer would do in a cf function/cfc.

This is a great book. I've had it in my library for a while now along
with others of his books like: 'disappearing cryptography' and
'compression algorithms'... I would recommend the book to anybody
looking into, working with, or whose job relies on project architecture
and/or database design.

Good luck,

Alexander Sicular
Chief Technology Architect
Neurological Institute of New York
Columbia University
as867 {at} columbia [dot] edu 

> -----Original Message-----
> From: Dave Babbitt [mailto:[EMAIL PROTECTED]] 
> Sent: Monday, December 16, 2002 9:06 PM
> To: CF-Talk
> Subject: Translucent Databases and Cold Fusion
> 
> 
> Hi Guys!
> 
> Check out http://www.wayner.org/books/td/ - in it, Peter 
> Wayner describes methods to construct databases that use 
> one-way functions to scramble data and shield it from prying 
> eyes. Unfortunately his examples are all in the 
> overly-long-winded Java language, and I don't have the time 
> nor money right now to analyze his code. Can anybody 
> translate his examples into Cold Fusion? Here are some of the 
> case studies (take your pick):
> 
>        1. A database that hides the position of Navy ships 
> from enemies while simultaneously providing accurate 
> information to those with proper authorization.
>        2. An anti-rape database that identifies trends 
> without containing any personal information.
>        3. A babysitter scheduling service that matches 
> parents with available sitters while protecting the sitters' 
> identities and locations.
>        4. A department store database that guards the modesty 
> of customers.
>        5. A private accounting system that detects fraud 
> without revealing information.
>        6. A poker game for the Internet that prevents cheating.
>        7. A pharmacy database for preventing dangerous drug 
> interactions while keeping medical records secure.
>        8. A tool for travel agents to protect their clients 
> from stalkers and kidnappers.
>        9. A stock exchange transaction mechanism designed to 
> stop insider-trading.
>       10. A website logfile tool that provides accurate 
> counts of visitors while protecting their identities.
>       11. A credit-card database for defending crucial 
> e-commerce transactions.
>       12. A patent search tool that doesn't reveal the nature 
> and focus of the search.
>       13. A conference bulletin board that routes messages 
> without helping stalkers.
>       14. A tool for studying the radon concentration in 
> homes without maintaining personal information.
>       15. An anti-money laundering database.
> 
> I know one trick where the password is hashed before it is 
> stored in the database - an administrator can reset the 
> password but can't tell you what it is. But this trick 
> doesn't cover cases where the information needs to be 
> displayed to certain people.
> 
> Know any others?
> 
> Dave
> 
> 
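The lookup and pattern/trending use of a one-way hash described in the reply above, as an added example that is not part of the thread or of Wayner's book. It uses Python with SQLite rather than Java/MySQL or ColdFusion, and a keyed HMAC-SHA-256 in place of plain MD5 so that short, guessable identifiers cannot be recovered by hashing a list of candidates without the key; the table, key and names are constructed for illustration.

```python
import hashlib
import hmac
import sqlite3

# Constructed demo key (assumption): in a real system it lives outside the database.
SITE_KEY = b"constructed-demo-key"

# Constructed sample reports: (person identifier, non-identifying field).
SAMPLE = [("Pat Doe", "north"), ("pat  doe", "east"), ("Sam Roe", "north")]


def token(identifier, key=SITE_KEY):
    """One-way token for an identifier. Case and spacing are normalised
    first, otherwise 'Pat Doe' and 'pat  doe' would never match."""
    norm = " ".join(identifier.lower().split())
    return hmac.new(key, norm.encode("utf-8"), hashlib.sha256).hexdigest()


def build_db(reports):
    """Store the token and the non-identifying field only, never the name."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE report (person_tok TEXT, district TEXT)")
    db.executemany(
        "INSERT INTO report VALUES (?, ?)",
        [(token(name), district) for name, district in reports],
    )
    return db


def lookup(db, name):
    """Lookup: a caller who already knows the name recomputes the token."""
    cur = db.execute(
        "SELECT district FROM report WHERE person_tok = ? ORDER BY district",
        (token(name),),
    )
    return [row[0] for row in cur]


def repeat_count(db):
    """Trending: number of people with more than one report, found by
    grouping on the token, so no name is needed or revealed."""
    cur = db.execute(
        "SELECT COUNT(*) FROM (SELECT person_tok FROM report "
        "GROUP BY person_tok HAVING COUNT(*) > 1)"
    )
    return cur.fetchone()[0]


if __name__ == "__main__":
    demo = build_db(SAMPLE)
    print(lookup(demo, "PAT DOE"), repeat_count(demo))
```

As the original message notes for hashed passwords, nothing in this table can be displayed back as a name; it only answers questions from someone who already holds the identifier and the key.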