
Confidentiality

 
Chandra Bhatt
Ranch Hand
Posts: 1710
This question is from Marcus Green mock exam:


Confidentiality can be defined as information is not made available or
disclosed to unauthorized persons or processes.


True/False

Answer says false. I have doubt in that.

Please confirm!

Thanks,
 
khushhal yadav
Ranch Hand
Posts: 242
Hi Chandra

It's Ok. It will be false only. As Confidentiality means no Eavesdropping.
Whatever statement is given that pertains to Authorization.

Regards,
Khushhal
 
Chandra Bhatt
Ranch Hand
Posts: 1710
Hi khushhal,

Doesn't that mean, the information is not disclosed to unauthorized
person or process? The information is confidential and not visible to
unauthorized person or process.


Thanks,
[ August 07, 2007: Message edited by: Chandra Bhatt ]
 
khushhal yadav
Ranch Hand
Posts: 242
See Chandra

Authorization is all about maintaining the confidentiality and integrity of data stored on the server by preventing illegal or unauthorized access.

But Confidentiality and data integrity come into play during the transmission of data between client and server to prevent it from being manipulated or exposed to third party or Eavesdropper. And that's what when we talk about data integrity or confidentiality.

Data integrity and confidentiality pertain to protection of data during transmission. For that we have different protocols like HTTPS. It's about <user-data-constraint> element of <security-constraint>.
While Authorization pertains to the protection of data on server side. It's about <web-resource-collection> element of <security-constraint>.

Regards,
Khushhal
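
An added example, not part of any post in this thread: a short Python audit of a constructed web.xml that reports, for each <security-constraint>, what it protects and for which roles, and whether it requests confidentiality in transit. The sample descriptor and the `local` and `audit` helpers are assumptions of the example, and <auth-constraint> and <transport-guarantee> are standard deployment-descriptor elements that the posts do not name.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptor (not from the thread); namespace omitted for brevity.
SAMPLE_WEB_XML = """
<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>accounts</web-resource-name>
      <url-pattern>/accounts/*</url-pattern>
      <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>customer</role-name></auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>reports</web-resource-name>
      <url-pattern>/reports/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>manager</role-name></auth-constraint>
  </security-constraint>
</web-app>
"""

def local(tag):
    """Strip an XML namespace so the audit also works on namespaced descriptors."""
    return tag.rsplit("}", 1)[-1]

def audit(web_xml):
    """Return one dict per <security-constraint>: what is protected, who may
    access it (authorization), and how it must travel (transport guarantee)."""
    rows = []
    for sc in ET.fromstring(web_xml).iter():
        if local(sc.tag) != "security-constraint":
            continue
        text = lambda name: [e.text.strip() for e in sc.iter()
                             if local(e.tag) == name and e.text]
        guarantee = (text("transport-guarantee") or ["NONE"])[0]
        rows.append({
            "urls": text("url-pattern"),
            "methods": text("http-method") or ["ALL"],
            "roles": text("role-name"),
            "transport": guarantee,
            # Only CONFIDENTIAL asks the container to keep data unreadable in transit.
            "confidential_transport": guarantee == "CONFIDENTIAL",
        })
    return rows
```

In the sample, /reports/* is restricted to the manager role but carries no transport guarantee, so the audit reports it as access-controlled without confidentiality in transit.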
 
Srinivasan thoyyeti
Ranch Hand
Posts: 558
Hi Chandra,

In that question the author is looking for the definition of confidentiality.
If you have gone through the web security chapter, it would have sounded simple to you.
 
Chandra Bhatt
Ranch Hand
Posts: 1710
Khushhal: I agree with what you say.
Confidentiality is all about hiding data from the eavesdropper along the
data transmission channel, who intends to read data unauthentically. Whereas the original statement is concerned about authorization of the resource
on the server machine that we save by setting <security-constraint>
<web-resource-collection> <http-method> ...


Strini
That is right. Author is trying to ask the definition of confidentiality.
Finally I conclude with the demarcation of protecting resources staying on
the server and protecting data traveling along the communication medium.


Am I correct?

Thanks,
 