Win a copy of Spring Boot in Practice this week in the Spring forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • Ron McLeod
  • Jeanne Boyarsky
  • Paul Clapham
Sheriffs:
  • Liutauras Vilda
  • Henry Wong
  • Devaka Cooray
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • Al Hobbs
  • Carey Brown
Bartenders:
  • Piet Souris
  • Mikalai Zaikin
  • Himai Minh

Confidentiality

 
Ranch Hand
Posts: 1710
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
This question is from Marcus Green mock exam:


Confidentiality can be defined as information is not made available or
disclosed to unauthorized persons or processes.



True/False

Answer says false. I have doubt in that.

Please confirm!

Thanks,
 
Ranch Hand
Posts: 242
Mac Java Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Chandra

It's Ok. It will be false only. As Confidentiality means no Eavesdropping.
Whatever statement is given that pertains to Authorization.

Regards,
Khushhal
 
Chandra Bhatt
Ranch Hand
Posts: 1710
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi khushhal,

Doesn't that mean, the information is not disclosed to unauthorized
person or process? The information is confidential and not visible to
unauthorized person or process.


Thanks,
[ August 07, 2007: Message edited by: Chandra Bhatt ]
 
khushhal yadav
Ranch Hand
Posts: 242
Mac Java Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
See Chandra

Authorization is all about maintaining the confidentiality and integrity of data stored on the server by preventing illegal or unauthorized access.

But Confidentiality and data integrity comes into play during the transmission of data between client and servet to prevent it from being manipulated or exposed to third party or Eavesdropper. And that's what when we talk about data integrity or confidentiality.

Data integrity and confidentiality pertain to protection of data during transmission.For that we have different protocols like HTTPS. It's about <user-data-constraint> element of <security-constraint>.
While Authorization pertains to the protection of data on server side. It's about <web-resource-collection> element of <security-constraint>.

Regards,
Khushhal
 
Ranch Hand
Posts: 558
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Chandra,

In that question Author is looking the definition of confidentiality.
If you have gone though web security chapter, it would have sound simple to you.
 
Chandra Bhatt
Ranch Hand
Posts: 1710
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Khusshal: I agree with what you say.
Confidentiality is all about hiding data from the eavesdropper along the
data transmission channel, who intend to read data unauthentically. Whereas the original statement is concerned about authorization of the resource
on the server machine that we save by setting <security-constraint>
<web-resource-collection> <http-method> ...


Strini
That is right. Author is trying to ask the definition of confidentiality.
Finally I conclude with the demarcation of protecting resources staying on
the server and protecting data traveling along the communication medium.


Am I correct?

Thanks,
reply
    Bookmark Topic Watch Topic
  • New Topic