Comments: on H5: how to inject security into the SQL database

Honored to be mentioned in the blog and forced to respond to the content :-)

First, so the scope of H1 - H7 is 'everything'. Given this one would assume that as per H5, the application shouldn't even trust the Operating System it is running on. As someone has pointed out in your previous blog on this, NSA (!) has said that "secure applications require secure operating systems".

To apply this principle, your 'flat-file' approach would be severely compromised if the app couldn't trust the OS, as the OS could easily leak data out, either from memory or the file system drivers..

Unless of course you have written a JVM-like virtual machine over which your app runs, which in turn encrypts everything including data written to memory except for the CPU caches.. But even you can't be that paranoid ;-)

Clearly some part of payments data can't be public but am yet to see anything in payments applications that looks ANYTHING like your diagram above (though you of course have seen much more!).

Usually have seen payments apps that directly interact with DBs (that are not accessible to other apps/ users) or MQ queues.. And that communication is in turn protected by underlying protocols/ infrastructure that is 'trusted'

Posted by AC2 at February 24, 2009 01:04 AM
Post a comment









Remember personal info?






Hit Preview to see your comment.
MT::App::Comments=HASH(0x55d4b7af3c30) Subroutine MT::Blog::SUPER::site_url redefined at /home/iang/www/fc/cgi-bin/mt/lib/MT/Object.pm line 125.