This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/

Database security

Next message (by thread): Database security

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Barak Engel barak at netvision.net.il
Mon Jan 4 16:22:02 CET 1999

Hello all,

 I am new to this mailing list, so please forgive me if I do not adhere to
established processes. I promise to learn as we go on :-)

 The issue I would like to bring up is that of database security, namely, the
fact that the database is completely accessible by anyone.

 Why do I propose that this is a problem? Let us, for the sake of this example,
consider two fictive companies, NetISP and ISPNet. Both are ISP's, and they
compete over market share in their country.
 As you are aware, a full customer list is considered very useful information in
industrial espionage in this field, something that one company would most
certainly not want to reveal to the other. Yet, with the RIPE DB open for prying
eyes, both ISPs could easily gain this info.
 Alright, you say, so what? Both suffer from the same disadvantage, right? Well,
not really. Following are just two scenarios I cooked up to explain why:

1) NetISP has been in the market for four years. ISPNet is new, and is
interested primarily in market share. Since this is their focus, being new, they
can allow themselves the luxury of selling at losing prices, in an effort to
establish a market share. Looking at the RIPE DB, they can immediately find all
the customers of NetISP, and try to "steal" them away. NetISP, however, has no
such option.

2) NetISP got RIPE allocations, while ISPNet got other allocations. Why? It
happens. In Israel, for example, the range 192.114.0.0-192.118.255.255 can be
allocated without having to update the RIPE DB. Assume for a moment that NetISP
have RIPE allocated IPs, while ISPNet have those "special" IPs. Only the latter
will be able to check on the former. Again NetISP will lose.

 I suggest that some security feature be added to the database. Maybe hide some
fields with a password, or make the retrieval utility more secure. There is a
serious business problem here that I feel needs to be resolved.

 Many 10x,

  Sincerely,            \'"'/
     Barak Engel       ( o o )
---------------------ooOO-^-oOOo---------------------------
barak at netvision.net.il    Network Expert    BE-RIPE   BE174
Phone/Fax: +972 48 560600/551132  Cellular: +972 50 469 341
-----------------------------------------------------------

Next message (by thread): Database security

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ db-wg Archives ]