Forum:

Web Component Certification (OCEJWCD)

Confidentiality

Chandra Bhatt

Ranch Hand

Posts: 1710

posted 15 years ago

Number of slices to send:

Optional 'thank-you' note:

Send

This question is from Marcus Green mock exam:

Confidentiality can be defined as information is not made available or
disclosed to unauthorized persons or processes.

True/False

Answer says false. I have doubt in that.

Please confirm!

Thanks,

cmbhatt

khushhal yadav

Ranch Hand

Posts: 242

I like...

posted 15 years ago

Number of slices to send:

Optional 'thank-you' note:

Send

Hi Chandra

It's Ok. It will be false only. As Confidentiality means no Eavesdropping.
Whatever statement is given that pertains to Authorization.

Regards,
Khushhal

rgrds,
Khushhal

Chandra Bhatt

Ranch Hand

Posts: 1710

posted 15 years ago

Number of slices to send:

Optional 'thank-you' note:

Send

Hi khushhal,

Doesn't that mean, the information is not disclosed to unauthorized
person or process? The information is confidential and not visible to
unauthorized person or process.

Thanks,
[ August 07, 2007: Message edited by: Chandra Bhatt ]

cmbhatt

khushhal yadav

Ranch Hand

Posts: 242

I like...

posted 15 years ago

Number of slices to send:

Optional 'thank-you' note:

Send

See Chandra

Authorization is all about maintaining the confidentiality and integrity of data stored on the server by preventing illegal or unauthorized access.

But Confidentiality and data integrity comes into play during the transmission of data between client and servet to prevent it from being manipulated or exposed to third party or Eavesdropper. And that's what when we talk about data integrity or confidentiality.

Data integrity and confidentiality pertain to protection of data during transmission.For that we have different protocols like HTTPS. It's about <user-data-constraint> element of <security-constraint>.
While Authorization pertains to the protection of data on server side. It's about <web-resource-collection> element of <security-constraint>.

Regards,
Khushhal

rgrds,
Khushhal

Srinivasan thoyyeti

Ranch Hand

Posts: 558

posted 15 years ago

Number of slices to send:

Optional 'thank-you' note:

Send

Hi Chandra,

In that question Author is looking the definition of confidentiality.
If you have gone though web security chapter, it would have sound simple to you.

Thanks & Regards, T.Srinivasan
SCWCD 1.4(89%), SCJP 5.0(75%)

Chandra Bhatt

Ranch Hand

Posts: 1710

posted 15 years ago

Number of slices to send:

Optional 'thank-you' note:

Send

Khusshal: I agree with what you say.
Confidentiality is all about hiding data from the eavesdropper along the
data transmission channel, who intend to read data unauthentically. Whereas the original statement is concerned about authorization of the resource
on the server machine that we save by setting <security-constraint>
<web-resource-collection> <http-method> ...

Strini
That is right. Author is trying to ask the definition of confidentiality.
Finally I conclude with the demarcation of protecting resources staying on
the server and protecting data traveling along the communication medium.

Am I correct?

Thanks,

cmbhatt

Did you see how Paul cut 87% off of his electric heat bill with 82 watts of micro heaters?