Hosting Provided By

RE: Cryptography and Site Security: Please critique my security idea

From: Brass, Phil (ISS Atlanta) <PBrass(at)iss.net>
Date: Thu Mar 27 2003 - 21:02:58 EST

Obviously this is a vendor-specific solution on the server side, but what if you used IIS and w2k or .NET server with encrypting file system, and either SSL client certificates (optionally in one of those cool USB hardware tokens) or else at least using HTTP authentication. Now the attacker won't be able to download the encrypted files unless they compromise a user account. And there's no weirdness with file "1" that contains everybody's keys.

I may be wrong, but it sounds like you're reinventing the wheel...

Phil

> -----Original Message-----
Received on Thu Mar 27 22:41:32 2003

This message: [ Message body ]
Next message: Chris Neil: "Passing data between frames"
Previous message: Mark Mcdonald: "RE: Session Fixation"
Maybe in reply to: Robert Paris: "Cryptography and Site Security: Please critique my security idea"
In reply to Mark Mcdonald: "RE: SQL Injection Basics"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:49 EDT