Daniel John Debrunner wrote:
John Embretsen wrote:
Daniel John Debrunner wrote:
If this reasoning is not valid, would it also be wrong to say that
Derby 10.3 is safer than 10.0?
I hadn't thought about that much, I don't remember much improvement from
10.0 to 10.2, so I would guess 10.3 is not more secure than 10.0. I'm
talking about the situation where a network server is listening on a
remote host without authentication and a user neglected to install a
security manager. That is some claim that Derby 10.3 is more secure in
that situation than before, I'm just doubting that claim. 10.3 can be
made to be more secure than 10.0 due to security manager improvements,
grant revoke etc, but that's not what the e-mail to the user list is
addressing.
The e-mail to the user list claimed that 10.3 was safer because a Security
Manager would be installed if the user neglected to install one. You listed
several remote user actions that were more secure because of this. What I was
trying to say was that my interpretation of that list is that 10.3 is (somewhat)
more secure (out of the box), because an adversary will have fewer good options
to try when attacking.
Would it be wrong to say that using encryption is safer than not using
encryption at all?
Depends on where the key is stored. If it's a fixed key (e.g. in an
application) or the key is easy to find then encryption is no more secure.
The attacker still has to jump through an extra hoop or two in order to find the
key (of course, it depends on how easy it is to find it) or crack the
encryption, which means that the probability of a successful attack has been
reduced (for example, a lazy attacker might rather move on to some other easily
accessible target). I'd call that (slightly) more secure.
For example, I know that the encryption in my home Wi-Fi network can
be cracked, but I still regard the system as safer (more secure) than
my neighbor's unencrypted Wi-Fi network.
And so would I, unless I could easily connect into your encrypted
network without knowing the password or encryption key and change its
configuration to no longer be secure. (Which is what 10.3 continues to
allow).
The wi-fi networks are a interesting comparison. Their mode out of the
box is insecure and allowing remote access. Derby's network server is
insecure but disallowing remote access.
Yes, it's comforting to know that we could always do worse ;)
--
John
