This is an explanation from SCWCD@Whiz: "Data Integrity - The means used to ensure that information is made available only to users who are authorized to access it..." Can somebody explain why this is Data Integrity instead of Authorization?
Hi, Allan and Paul, To make it clear: 1. User Authentication: the process performed to verify that a user is who he says he is. Authentication is the process by which you determine a user's identity; ---I am Huzhu Lin 2. Authorization: the process by which we determine what actions a particular user can perform. ---I can post a new topic under my name. I can post a reply under my name. � 3. Data Integrity: the means used to prove that information has not been modified by a third party while in a transit. --- Only Huzhu Lin can post or edit a topic under his name. � To make it simpler: Authorization --- What actions can I perform? Data Integrity --- Who are authorized to manipulate me (the Data)? To this point, it should be no problem to accept: "Data Integrity - The means used to ensure that information is made available only to users who are authorized to access it..."
------------------------------------------------- Huzhu Lin Sun Certified Programmer for the Java� 2 Platform
Originally posted by Huzhu Lin: Data Integrity --- Who are authorized to manipulate me (the Data)?
That's not correct at all. Data Integrity simply means making sure that the data is not tampered with in transit. Nobody can check whether sombody can modify it or not while the data is in transit. Checks happen only when the data reaches the client/server (end points). Data Integrity is meant for the time when nobody can "guard" the data. ------------------ SCJP2, SCWCD Resources, Free Question A Day, Mock Exam Results and More! www.jdiscuss.com Get Certified, Guaranteed! JQPlus - For SCJP2 JWebPlus - For SCWCD JDevPlus - For SCJD
[This message has been edited by Paul Anil (edited October 22, 2001).]
Originally posted by Huzhu Lin: 3. Data Integrity: --- Only Huzhu Lin can post or edit a topic under his name. �
A big NOOOO. It means making sure whatever message Huzhu Lin sent arrived at the destination without any changes. There is no authorization issue here. Once Huzhu Lin sends the data, even he cannot change/modify/tamper it while it is in transit without raising a red flag! ------------------ SCJP2, SCWCD Resources, Free Question A Day, Mock Exam Results and More! www.jdiscuss.com Get Certified, Guaranteed! JQPlus - For SCJP2 JWebPlus - For SCWCD JDevPlus - For SCJD
Hi, Paul, Please refer to the link: http://searchdatabase.techtarget.com/sDefinition/0,,sid13_gci518970,00.html Quote: "Integrity, in terms of data and network security, is the assurance that information can only be accessed or modified by those authorized to do so. Measures taken to ensure integrity include controlling the physical environment of networked terminals and servers, restricting access to data, and maintaining rigorous authentication practices. Data integrity can also be threatened by environmental hazards, such as heat, dust, and electrical surges."
------------------------------------------------- Huzhu Lin Sun Certified Programmer for the Java� 2 Platform
Originally posted by Huzhu Lin: "Integrity, in terms of data and network security, is the assurance that information can only be accessed or modified by those authorized to do so."
Ok, then what is Authorization? I am sorry, I disagree with the source that you've mentioned.
Hi Paul, The point is: With authentication, the subject is the PERSON. With data integrity, the subject is the DATA. ------------------------------------------------- Huzhu Lin Sun Certified Programmer for the Java� 2 Platform
Consult the Servlet Specs: Section SRV.12.1 Introduction [to Security] page 80 Authentication: The means by which communicating entities prove to one another that they are acting on behalf of specific identities that are authorized for access. Access control for resources: The means by which interactions with resources are limited to collections of users or programs for the purpose of enforcing integrity, confidentiality, or availability constraints. Data Integrity: The means used to prove that information has not been modified by a third party while in transit. Confidentiality or Data Privacy: The means used to ensure that information is made available only to users who are authorized to access it. Paul is right.
Hi all, Paul is right. Data integrity is not directly related to security. Data integrity means that data needs to be kept in sync. When one needs to change more than one items, those items need to be changed at the same time without being changed by a third party in the middle. In database term, this is called a transaction.
Dear Allan, Thanks for your feedback. Yes, it was a mix-up and has already been corrected. Carl is correct with his definition of terms as written in Specs. Thanks and regards Pradeep Java Certification Test Simulators � J@Whiz, SCWCD@Whiz http://www.whizlabs.com/jwhiz
Post by:autobot
Forget this weirdo. You guys wanna see something really neat? I just have to take off my shoe .... (hint: it's a tiny ad)
a bit of art, as a gift, the permaculture playing cards