Security Question

[Barmanjon]

Hey all...

I am after some help..

I have a database where i want only employees within a particular
organisation to read details about other employees. So basically
people within one organisation cant read details about other users in
another organisation within the company.

I just need some help on how i would go about setting up this sort of
thing...

I dont want to clog up the newsgroup by asking question after question
so if anyone can help me drop me a line at [email]barmanjon2002@yahoo.co.uk[/email]..

Thanks,

Jon

[Anton Buijs]

"Policy" and "fine grained access control" are the keywords you should look
for in the Oracle documentation (tahiti.oracle.com). Maybe a bit complex but
this can be a solution.

Barmanjon <barmanjon2002@yahoo.co.uk> schreef in berichtnieuws
[email]fff1d6ac.0212290756.7610df4@posting.google.com[/email]...
| Hey all...
|
| I am after some help..
|
| I have a database where i want only employees within a particular
| organisation to read details about other employees. So basically
| people within one organisation cant read details about other users in
| another organisation within the company.
|
| I just need some help on how i would go about setting up this sort of
| thing...
|
| I dont want to clog up the newsgroup by asking question after question
| so if anyone can help me drop me a line at [email]barmanjon2002@yahoo.co.uk[/email]..
|
| Thanks,
|
| Jon

[Ralph Freshour]

I've been reading the 'security' links at the bottom of some web sites
- they talk about usernames and especially passwords being sent
securing over the internet.

These are sites that us http and not https as I view them - are they
talking about another form of secure transmission (other than https)
or do they mean when passwords are sent to their server they change to
https and then back to http?

As far as I know, https is the only way to transmit secure data over
the internet...

Thanks...

[John Smith]

Yeah most sites change over to https for the login, then go back to http
mode after.

Ralph Freshour wrote:

> I've been reading the 'security' links at the bottom of some web sites
> - they talk about usernames and especially passwords being sent
> securing over the internet.
>
> These are sites that us http and not https as I view them - are they
> talking about another form of secure transmission (other than https)
> or do they mean when passwords are sent to their server they change to
> https and then back to http?
>
> As far as I know, https is the only way to transmit secure data over
> the internet...
>
> Thanks...
>

[Marcus]

Hi all,

I've been reading as much as I can on this matter but I still am not
totally clear on what I need to do, so here goes... sorry if the
question isn't totally PHP related, but my entire project is coded in
PHP so I figured this would be as good a place as any to ask.

If I have two PHP scripts, both protected by SSL, and the second script
sends an email containing sensitive data using mail() with info provided
in the first script, is this enough for security or do I also need to
implement something like PGP mail? Basically, is the email secure when
sent out because it is sent over a secure SSL connection, or is this not
the case? Thanks in advance for any feedback.

Marcus

[Gordon Burditt]

>I've been reading as much as I can on this matter but I still am not

>totally clear on what I need to do, so here goes... sorry if the
>question isn't totally PHP related, but my entire project is coded in
>PHP so I figured this would be as good a place as any to ask.
>
>If I have two PHP scripts, both protected by SSL, and the second script

Scripts are not protected by SSL. Communication between a web
browser and the server may be protected by SSL. SSL is a way to
communicate your credit card number to the scam artist operating
the web site without anyone ELSE being able to see it until the
scam artist sells it to the world. It does not in any way protect
your credit card number from being stuck by a stupid web designer
into a file where anyone in the world can fetch it with the web
browser. (See also: EGGHEAD, although I don't know the exact details
of their security breach that released thousands of credit card
numbers.)

>sends an email containing sensitive data using mail() with info provided
>in the first script, is this enough for security or do I also need to
>implement something like PGP mail?

SSL used by a web server does not in any way protect email sent
by a CGI or PHP page. For that matter, it doesn't protect SQL
queries to a database either unless the database connection is
encrypted.

Where is the email going? If the email is going out over the
Internet, it's vulnerable to snooping in transit. If the email is
going to a mailbox on the same host as the webserver, it may never
show up on a sniffable net cable, so only the admins of the box
could see it. If the email is going someplace else on a LAN, it
may be very difficult for anyone not an employee of your company
or the hosting company to sniff it. This says nothing about what
happens after the email goes into the mailbox. That could be hacked,
or it could be downloaded into a Windows machine with a virus/worm
that sends it all over the Internet.

>Basically, is the email secure when
>sent out because it is sent over a secure SSL connection,

NO! Sending *MAIL* over SSL is independent of the web browser using
SSL. Even if mail is sent encrypted over one hop, don't assume it
will be sent encrypted over all hops. Many (I suspect: nearly all)
mail servers simply don't do encryption of mail messages sending
server-to-server. If you want it encrypted, send it encrypted (e.g.
use PGP).

Oh, yes, just because you use SSL for the web server and PGP for
the email doesn't mean there aren't lots of credit card numbers in
the web server logs.

>or is this not
>the case? Thanks in advance for any feedback.

Gordon L. Burditt

[Neal_Bunja@adobeforums.com]

Need your help. I want to post documents in PDF format on my company website.
I'd like to secure the document so as no one can save or copy it. So far, I can make it secure within my office (by placing the document on our server drive and/or by emailing the PDF to someone). I used the SECURITY feature within version 6. When I FTP the document to our web server, all security seems to have disappeared. It allows people visiting my site to save the PDF.
Can anyone suggest what I can do to prevent saving? Any suggestions would be appreciated.

Neal

[Fr._Watson@adobeforums.com]

I'd like to secure the document so as no one can save or copy it.




You can't.

[W_T_Allen@adobeforums.com]

There is no way to do this with Acrobat (or any other application of which I have ever heard).

[Neal_Bunja@adobeforums.com]

Many Thanks!

[William_A._Davis@adobeforums.com]

You can restrict the changing of the document, the copying of info from it, and the printing, but not the saving. Saving is done automatically when you download to view the file. However, if the changing is set to secure, it can be changed, but not saved with the changes. I suspect this is really what you want (if I make sense).