This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/db-wg@ripe.net/
Database security
- Next message (by thread): Database security
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Barak Engel
barak at netvision.net.il
Mon Jan 4 16:22:02 CET 1999
Hello all, I am new to this mailing list, so please forgive me if I do not adhere to established processes. I promise to learn as we go on :-) The issue I would like to bring up is that of database security, namely, the fact that the database is completely accessible by anyone. Why do I propose that this is a problem? Let us, for the sake of this example, consider two fictive companies, NetISP and ISPNet. Both are ISP's, and they compete over market share in their country. As you are aware, a full customer list is considered very useful information in industrial espionage in this field, something that one company would most certainly not want to reveal to the other. Yet, with the RIPE DB open for prying eyes, both ISPs could easily gain this info. Alright, you say, so what? Both suffer from the same disadvantage, right? Well, not really. Following are just two scenarios I cooked up to explain why: 1) NetISP has been in the market for four years. ISPNet is new, and is interested primarily in market share. Since this is their focus, being new, they can allow themselves the luxury of selling at losing prices, in an effort to establish a market share. Looking at the RIPE DB, they can immediately find all the customers of NetISP, and try to "steal" them away. NetISP, however, has no such option. 2) NetISP got RIPE allocations, while ISPNet got other allocations. Why? It happens. In Israel, for example, the range 192.114.0.0-192.118.255.255 can be allocated without having to update the RIPE DB. Assume for a moment that NetISP have RIPE allocated IPs, while ISPNet have those "special" IPs. Only the latter will be able to check on the former. Again NetISP will lose. I suggest that some security feature be added to the database. Maybe hide some fields with a password, or make the retrieval utility more secure. There is a serious business problem here that I feel needs to be resolved. Many 10x, Sincerely, \'"'/ Barak Engel ( o o ) ---------------------ooOO-^-oOOo--------------------------- barak at netvision.net.il Network Expert BE-RIPE BE174 Phone/Fax: +972 48 560600/551132 Cellular: +972 50 469 341 -----------------------------------------------------------
- Next message (by thread): Database security
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]