Forums Register Login

Data Integrity vs Authorization

+Pie Number of slices to send: Send
This is an explanation from SCWCD@Whiz:
"Data Integrity - The means used to ensure that information is made available only to users who are authorized to access it..."
Can somebody explain why this is Data Integrity instead of Authorization?
+Pie Number of slices to send: Send
There might be some mix up. It is indeed authorization.
-Paul.
------------------
SCJP2, SCWCD Resources, Free Question A Day, Mock Exam Results and More!
www.jdiscuss.com
Get Certified, Guaranteed!
JQPlus - For SCJP2
JWebPlus - For SCWCD
JDevPlus - For SCJD
+Pie Number of slices to send: Send
Hi, Allan and Paul,
To make it clear:
1. User Authentication: the process performed to verify that a user is who he says he is. Authentication is the process by which you determine a user's identity; ---I am Huzhu Lin
2. Authorization: the process by which we determine what actions a particular user can perform. ---I can post a new topic under my name. I can post a reply under my name. �
3. Data Integrity: the means used to prove that information has not been modified by a third party while in a transit. --- Only Huzhu Lin can post or edit a topic under his name. �
To make it simpler:
Authorization --- What actions can I perform?
Data Integrity --- Who are authorized to manipulate me (the Data)?
To this point, it should be no problem to accept:
"Data Integrity - The means used to ensure that information is made available only to users who are authorized to access it..."

-------------------------------------------------
Huzhu Lin
Sun Certified Programmer for the Java� 2 Platform
+Pie Number of slices to send: Send
 

Originally posted by Huzhu Lin:
Data Integrity --- Who are authorized to manipulate me (the Data)?


That's not correct at all. Data Integrity simply means making sure that the data is not tampered with in transit. Nobody can check whether sombody can modify it or not while the data is in transit. Checks happen only when the data reaches the client/server (end points). Data Integrity is meant for the time when nobody can "guard" the data.
------------------
SCJP2, SCWCD Resources, Free Question A Day, Mock Exam Results and More!
www.jdiscuss.com
Get Certified, Guaranteed!
JQPlus - For SCJP2
JWebPlus - For SCWCD
JDevPlus - For SCJD

[This message has been edited by Paul Anil (edited October 22, 2001).]
+Pie Number of slices to send: Send
 

Originally posted by Huzhu Lin:
3. Data Integrity: --- Only Huzhu Lin can post or edit a topic under his name. �


A big NOOOO. It means making sure whatever message Huzhu Lin sent arrived at the destination without any changes. There is no authorization issue here. Once Huzhu Lin sends the data, even he cannot change/modify/tamper it while it is in transit without raising a red flag!
------------------
SCJP2, SCWCD Resources, Free Question A Day, Mock Exam Results and More!
www.jdiscuss.com
Get Certified, Guaranteed!
JQPlus - For SCJP2
JWebPlus - For SCWCD
JDevPlus - For SCJD
+Pie Number of slices to send: Send
Hi, Paul,
Please refer to the link: http://searchdatabase.techtarget.com/sDefinition/0,,sid13_gci518970,00.html
Quote:
"Integrity, in terms of data and network security, is the assurance that information can only be accessed or modified by those authorized to do so. Measures taken to ensure integrity include controlling the physical environment of networked terminals and servers, restricting access to data, and maintaining rigorous authentication practices. Data integrity can also be threatened by environmental hazards, such as heat, dust, and electrical surges."

-------------------------------------------------
Huzhu Lin
Sun Certified Programmer for the Java� 2 Platform
+Pie Number of slices to send: Send
Huzhu,
You are right. I agree with you. At times I was confused with this problem too.
Bob
+Pie Number of slices to send: Send
 

Originally posted by Huzhu Lin:
"Integrity, in terms of data and network security, is the assurance that information can only be accessed or modified by those authorized to do so."


Ok, then what is Authorization?
I am sorry, I disagree with the source that you've mentioned.

------------------
SCJP2, SCWCD Resources, Free Question A Day, Mock Exam Results and More!
www.jdiscuss.com
Get Certified, Guaranteed!
JQPlus - For SCJP2
JWebPlus - For SCWCD
JDevPlus - For SCJD
+Pie Number of slices to send: Send
I am more confused now! Any other explanations?
+Pie Number of slices to send: Send
Hi Paul,
The point is:
With authentication, the subject is the PERSON.
With data integrity, the subject is the DATA.
-------------------------------------------------
Huzhu Lin
Sun Certified Programmer for the Java� 2 Platform
+Pie Number of slices to send: Send
Consult the Servlet Specs:
Section SRV.12.1 Introduction [to Security] page 80
Authentication: The means by which communicating entities prove to one another that they are acting on behalf of specific identities that are authorized for access.
Access control for resources: The means by which interactions with resources are limited to collections of users or programs for the purpose of enforcing integrity, confidentiality, or availability constraints.
Data Integrity: The means used to prove that information has not been modified by a third party while in transit.
Confidentiality or Data Privacy: The means used to ensure that information is made available only to users who are authorized to access it.
Paul is right.


------------------
I Hope This Helps
Carl Trusiak, SCJP2, SCWCD
+Pie Number of slices to send: Send
Hi all,
Paul is right.
Data integrity is not directly related to security.
Data integrity means that data needs to be kept in sync.
When one needs to change more than one items, those items need to be changed at the same time without being changed by a third party in the middle.
In database term, this is called a transaction.
+Pie Number of slices to send: Send
Dear Allan,
Thanks for your feedback.
Yes, it was a mix-up and has already been corrected.
Carl is correct with his definition of terms as written in Specs.
Thanks and regards
Pradeep
Java Certification Test Simulators � J@Whiz, SCWCD@Whiz http://www.whizlabs.com/jwhiz
Forget this weirdo. You guys wanna see something really neat? I just have to take off my shoe .... (hint: it's a tiny ad)
a bit of art, as a gift, the permaculture playing cards
https://gardener-gift.com


reply
reply
This thread has been viewed 1039 times.
Similar Threads
[To Authors] State of the webservices world
mock exam question on security
Data Integrity in sevlets
Confidentiality
Q 4 Whizlabs authors (5): questions on the Big 4 in Webapp Security
More...

All times above are in ranch (not your local) time.
The current ranch time is
Mar 28, 2024 08:49:10.