aspose file tools*
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes Data Integrity vs Authorization Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "Data Integrity vs Authorization" Watch "Data Integrity vs Authorization" New topic
Author

Data Integrity vs Authorization

Allan Moster
Ranch Hand

Joined: Sep 14, 2001
Posts: 153
This is an explanation from SCWCD@Whiz:
"Data Integrity - The means used to ensure that information is made available only to users who are authorized to access it..."
Can somebody explain why this is Data Integrity instead of Authorization?
Paul Anilprem
Enthuware Software Support
Ranch Hand

Joined: Sep 23, 2000
Posts: 3314
    
    8
There might be some mix up. It is indeed authorization.
-Paul.
------------------
SCJP2, SCWCD Resources, Free Question A Day, Mock Exam Results and More!
www.jdiscuss.com
Get Certified, Guaranteed!
JQPlus - For SCJP2
JWebPlus - For SCWCD
JDevPlus - For SCJD


Enthuware - Best Mock Exams and Questions for Oracle/Sun Java Certifications
Quality Guaranteed - Pass or Full Refund!
Anonymous
Ranch Hand

Joined: Nov 22, 2008
Posts: 18944
Hi, Allan and Paul,
To make it clear:
1. User Authentication: the process performed to verify that a user is who he says he is. Authentication is the process by which you determine a user's identity; ---I am Huzhu Lin
2. Authorization: the process by which we determine what actions a particular user can perform. ---I can post a new topic under my name. I can post a reply under my name. �
3. Data Integrity: the means used to prove that information has not been modified by a third party while in a transit. --- Only Huzhu Lin can post or edit a topic under his name. �
To make it simpler:
Authorization --- What actions can I perform?
Data Integrity --- Who are authorized to manipulate me (the Data)?
To this point, it should be no problem to accept:
"Data Integrity - The means used to ensure that information is made available only to users who are authorized to access it..."

-------------------------------------------------
Huzhu Lin
Sun Certified Programmer for the Java� 2 Platform
Paul Anilprem
Enthuware Software Support
Ranch Hand

Joined: Sep 23, 2000
Posts: 3314
    
    8
Originally posted by Huzhu Lin:
Data Integrity --- Who are authorized to manipulate me (the Data)?

That's not correct at all. Data Integrity simply means making sure that the data is not tampered with in transit. Nobody can check whether sombody can modify it or not while the data is in transit. Checks happen only when the data reaches the client/server (end points). Data Integrity is meant for the time when nobody can "guard" the data.
------------------
SCJP2, SCWCD Resources, Free Question A Day, Mock Exam Results and More!
www.jdiscuss.com
Get Certified, Guaranteed!
JQPlus - For SCJP2
JWebPlus - For SCWCD
JDevPlus - For SCJD

[This message has been edited by Paul Anil (edited October 22, 2001).]
Paul Anilprem
Enthuware Software Support
Ranch Hand

Joined: Sep 23, 2000
Posts: 3314
    
    8
Originally posted by Huzhu Lin:
3. Data Integrity: --- Only Huzhu Lin can post or edit a topic under his name. �

A big NOOOO. It means making sure whatever message Huzhu Lin sent arrived at the destination without any changes. There is no authorization issue here. Once Huzhu Lin sends the data, even he cannot change/modify/tamper it while it is in transit without raising a red flag!
------------------
SCJP2, SCWCD Resources, Free Question A Day, Mock Exam Results and More!
www.jdiscuss.com
Get Certified, Guaranteed!
JQPlus - For SCJP2
JWebPlus - For SCWCD
JDevPlus - For SCJD
Anonymous
Ranch Hand

Joined: Nov 22, 2008
Posts: 18944
Hi, Paul,
Please refer to the link: http://searchdatabase.techtarget.com/sDefinition/0,,sid13_gci518970,00.html
Quote:
"Integrity, in terms of data and network security, is the assurance that information can only be accessed or modified by those authorized to do so. Measures taken to ensure integrity include controlling the physical environment of networked terminals and servers, restricting access to data, and maintaining rigorous authentication practices. Data integrity can also be threatened by environmental hazards, such as heat, dust, and electrical surges."

-------------------------------------------------
Huzhu Lin
Sun Certified Programmer for the Java� 2 Platform
Anonymous
Ranch Hand

Joined: Nov 22, 2008
Posts: 18944
Huzhu,
You are right. I agree with you. At times I was confused with this problem too.
Bob
Paul Anilprem
Enthuware Software Support
Ranch Hand

Joined: Sep 23, 2000
Posts: 3314
    
    8
Originally posted by Huzhu Lin:
"Integrity, in terms of data and network security, is the assurance that information can only be accessed or modified by those authorized to do so."

Ok, then what is Authorization?
I am sorry, I disagree with the source that you've mentioned.

------------------
SCJP2, SCWCD Resources, Free Question A Day, Mock Exam Results and More!
www.jdiscuss.com
Get Certified, Guaranteed!
JQPlus - For SCJP2
JWebPlus - For SCWCD
JDevPlus - For SCJD
Allan Moster
Ranch Hand

Joined: Sep 14, 2001
Posts: 153
I am more confused now! Any other explanations?
Anonymous
Ranch Hand

Joined: Nov 22, 2008
Posts: 18944
Hi Paul,
The point is:
With authentication, the subject is the PERSON.
With data integrity, the subject is the DATA.
-------------------------------------------------
Huzhu Lin
Sun Certified Programmer for the Java� 2 Platform
Carl Trusiak
Sheriff

Joined: Jun 13, 2000
Posts: 3340
Consult the Servlet Specs:
Section SRV.12.1 Introduction [to Security] page 80
Authentication: The means by which communicating entities prove to one another that they are acting on behalf of specific identities that are authorized for access.
Access control for resources: The means by which interactions with resources are limited to collections of users or programs for the purpose of enforcing integrity, confidentiality, or availability constraints.
Data Integrity: The means used to prove that information has not been modified by a third party while in transit.
Confidentiality or Data Privacy: The means used to ensure that information is made available only to users who are authorized to access it.
Paul is right.


------------------
I Hope This Helps
Carl Trusiak, SCJP2, SCWCD


I Hope This Helps
Carl Trusiak, SCJP2, SCWCD
Peter Masreblta
Ranch Hand

Joined: Oct 05, 2001
Posts: 51
Hi all,
Paul is right.
Data integrity is not directly related to security.
Data integrity means that data needs to be kept in sync.
When one needs to change more than one items, those items need to be changed at the same time without being changed by a third party in the middle.
In database term, this is called a transaction.
Pradeep Chopra
Ranch Hand

Joined: Nov 19, 2000
Posts: 219
Dear Allan,
Thanks for your feedback.
Yes, it was a mix-up and has already been corrected.
Carl is correct with his definition of terms as written in Specs.
Thanks and regards
Pradeep
Java Certification Test Simulators � J@Whiz, SCWCD@Whiz http://www.whizlabs.com/jwhiz

Whizlabs Software<br />Success, certified!<br /> <br />Web: <a href="http://www.whizlabs.com" target="_blank" rel="nofollow">http://www.whizlabs.com</a>
 
Don't get me started about those stupid light bulbs.
 
subject: Data Integrity vs Authorization