Edition 3
By George Coulouris, Jean Dollimore and Tim Kindberg
Addison-Wesley, ©Pearson Education 2001
1.9 Suppose that the operations of the BLOB object are separated into two categories – public
operations that are available to all users and protected operations that are available only to certain
named users. State all of the problems involved in ensuring that only the named users can use a
protected operation. Supposing that access to a protected operation provides information that
should not be revealed to all users, what further problems arise?
1.9 - Answer
Each request to access a protected operation must include the identity of the user making the request. The
problems are:
• defining the identities of the users. Using these identities in the list of users who are allowed to access
the protected operations at the implementation of the BLOB object. And in the request messages.
• ensuring that the identity supplied comes from the user it purports to be and not some other user
pretending to be that user.
• preventing other users from replaying or tampering with the request messages of legitimate users.
Further problems.
• the information returned as the result of a protected operation must be hidden from unauthorised users.
This means that the messages containing the information must be encrypted in case they are intercepted
by unauthorised users.
If you found the answer useful, please visit my other website. Exercise or Fitness Training has huge psychological and physical benefits. Train and dress up for the occasion.