[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[no subject]





 "http://www.w3.org/TR/html4/loose.dtd">

<li>date: Fri Jan 23 14:33:45 2004</li>
<li>from: dhurst at kennesaw.edu (Dow Hurst)</li>
<li>in-reply-to: <<a href="msg00956.html">[email protected]</a>></li>
<li>references: <<a href="msg00956.html">[email protected]</a>></li>
<li>subject: [ale] [OT] securing sensitive data</li>

J.M. Taylor wrote:
&gt; All:
&gt; 
&gt; I'm building an application that at the very minimum needs to be HIPAA 
&gt; compliant (HIPPAA? i can't remember the stupid acronym).  I have the 
&gt; luxury of a private, non-internet-connected network and plan to do a hardened 
&gt; linux server running mysql to store the data.  As to the front-end, I 
&gt; would prefer a web app but it's up to my client and how they feel that 
&gt; would be percieved security-wise.  If I don't do a web app, I'm going to 
&gt; do a perlTK app, because I know I can secure either of those things.  The 
&gt; clients are all Windows of various vintages.  Physical security is nearly 
&gt; nil, but I can probably manage to store the server in a locked closet.
&gt; 
&gt; Now. Here's the fun part.  Everybody has access to certain sensitive data, 
&gt; and only certain people have access to other sensitive data.  I would 
&gt; ideally like to keep all sensitive data encrypted (PGP/GPG) in the 
&gt; database.  My first quandry is -- putting a private key on the client machine 
&gt; seems like a BAD and non-secure method of protecting the data.  I'm almost 
&gt; equally nervous about storing their private keys on the server, which at 
&gt; least I know will be maintained primarily by me.  
&gt; 
&gt; My second quandry is, how on earth do I protect both shared and 
&gt; individualized sensitive data?  Would just a shared secret key and 2-way 
&gt; encryption be enough for the shared data?   
&gt; 
&gt; My third quandry is, if I store all the data encrypted, searching will be 
&gt; an absolute nightmare.  Encrypting and decrypting will be expensive, 
&gt; and when I say &quot;linux server&quot; I mean a discared PII400 with 512Mb RAM 
&gt; at absolute best.  The app is only going to be used by a couple dozen 
&gt; people, but still...12 people simultaneously trying to encrypt and 
&gt; decrypt would be horrible.
&gt; 
&gt; I know nothing about this kind of thing...I know what to be worried about, 
&gt; but I'm totally tying myself up in knots trying to sort all of this out.  
&gt; Any resources, pointers to howtos, thoughts and experiences would be 
&gt; greatly appreciated.
&gt; 
&gt; Thanks
&gt; Jenn
&gt; 
&gt; 
&gt; _______________________________________________
&gt; Ale mailing list
&gt; Ale at ale.org
&gt; <a  rel="nofollow" href="http://www.ale.org/mailman/listinfo/ale";>http://www.ale.org/mailman/listinfo/ale</a>
&gt; 

-- 
__________________________________________________________
Dow Hurst                  Office: 770-499-3428            *
Systems Support Specialist    Fax: 770-423-6744            *
1000 Chastain Rd. Bldg. 12                                 *
Chemistry Department SC428  Email:   dhurst at kennesaw.edu   *
Kennesaw State University         Dow.Hurst at mindspring.com *
Kennesaw, GA 30144                                         *
************************************************************
This message (including any attachments) contains          *
confidential information intended for a specific individual*
and purpose, and is protected by law.  If you are not the  *
intended recipient, you should delete this message and are *
hereby notified that any disclosure, copying, distribution *
of this message, or the taking of any action based on it,  *
is strictly prohibited.                                    *
************************************************************


</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<ul><li><strong>Follow-Ups</strong>:
<ul>
<li><strong><a name="00962" href="msg00962.html">[ale] [OT] securing sensitive data</a></strong>
<ul><li><em>From:</em> freemyer-ml at NorcrossGroup.com (Greg Freemyer)</li></ul></li>
</ul></li></ul>
<!--X-Follow-Ups-End-->
<!--X-References-->
<ul><li><strong>References</strong>:
<ul>
<li><strong><a name="00956" href="msg00956.html">[ale] [OT] securing sensitive data</a></strong>
<ul><li><em>From:</em> jtaylor at onlinea.com (J.M. Taylor)</li></ul></li>
</ul></li></ul>
<!--X-References-End-->
<!--X-BotPNI-->
<ul>
<li>Prev by Date:
<strong><a href="msg00958.html">[ale] [OT] securing sensitive data</a></strong>
</li>
<li>Next by Date:
<strong><a href="msg00960.html">[ale] Linux utility to read/convert ClarisWorks files?</a></strong>
</li>
<li>Previous by thread:
<strong><a href="msg00958.html">[ale] [OT] securing sensitive data</a></strong>
</li>
<li>Next by thread:
<strong><a href="msg00962.html">[ale] [OT] securing sensitive data</a></strong>
</li>
<li>Index(es):
<ul>
<li><a href="maillist.html#00959"><strong>Date</strong></a></li>
<li><a href="threads.html#00959"><strong>Thread</strong></a></li>
</ul>
</li>
</ul>

<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
</body>
</html>

Prev by Date: [no subject]
Next by Date: [no subject]
Previous by thread: [no subject]
Next by thread: [no subject]
Index(es):
- Date
- Thread