Hey rick, thanks for the link!
Now actually the previous link works for me too, maybe the server was just down 
because of the glibc issue or so ;-)

Interesting read.
And this is a complete different scenario than cryptodb, as this is about web 
clients, not native clients.

As I wrote in my other post, web client crypto is a problem. They address this 
by verifying the code with another server separate from the web application / 
database server.
If I understand it correctly, with Mylar you have 2 instead of 1 server, and 
only 1 of those 2 servers need to be absolute secure.
Though I'm not sure if this holds true, if an attacker starts to manipulate the 
web application code he might be able to completely replace the original 
application undetected, I think.
Still, I don't see how building a more complex system (more code = more bugs) 
with 2 servers from which 1 has to be properly secured is better then building 
a system with less code with one server and properly secure this one server.

There seems also to be a browser extension to verify the client side code, so 
this is more like having a native client then.
But yeah, user have to install the extension, and if you don't deliver that 
extension physically (CD/stick per postal mail) to them, then an attacker could 
temper with it, so its about securing a server again.


----- Original Message -----
From: Rick Lyman [mailto:lyman.r...@gmail.com]
To: picolisp@software-lab.de
Sent: Thu, 18 Feb 2016 06:20:00 -0500
Subject: Re: crypto db

>This link https://css.csail.mit.edu/mylar/ is not working for me


Reply via email to