You'd still want the kiosk to be a web browser and then you'd spend all of your efforts securing the web server. The full disk encryption I've heard about it requires someone to be there to enter the password at boot time.
Hugh Ahmed Kamal wrote:
Well, the situation is complicated, but basically the code and data have to live on the customer's side. Please assume that and let me know of any tweaks I can use to protect against (or make difficult) data theft off of that On Jan 18, 2008 6:18 PM, Hugh Brown <[EMAIL PROTECTED]> wrote:The data is your concern. None of the data that you care about should live on the kiosk box, ever. The usual way of dealing with this is to have the kiosk box be a web browser and nothing else. When the kiosk boots, it automatically starts a web browser. If someone exits out of the browser, there's a minimal windowing environment that can't do anything else but restart the web browser. The web browser points to a web server that you control. The web server has your code and it is written well and securely so that data leaks can't happen. The database lives on a box separate from the web server and only the web server can talk to it. How exactly do you envision data theft? HTH, Hugh Ahmed Kamal wrote:oh! No, the hardware is *not* my concern. It's the data! Let me quickly recap. Let's try points this time - The Linux system I build will be on someone else's network (mostlyotherpotentially hostile companies) - The system provides a web interface to a database that users shouldaccess& use - The users should not be able to steal/mount the disk, to dump mydatabaseor look at my code - I know such setup will never be 100% secure, I just need to makestealingthe data as hard as possible Hope that's clear. I apologize if I was not too clear earlier_______________________________________________ rhelv5-list mailing list rhelv5-list@redhat.com https://www.redhat.com/mailman/listinfo/rhelv5-list------------------------------------------------------------------------ _______________________________________________ rhelv5-list mailing list rhelv5-list@redhat.com https://www.redhat.com/mailman/listinfo/rhelv5-list
-- System Administrator DIVMS Computer Support Group University of Iowa Email: [EMAIL PROTECTED] Voice: 319-335-0748
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ rhelv5-list mailing list rhelv5-list@redhat.com https://www.redhat.com/mailman/listinfo/rhelv5-list
