Security
IA3:
Some ways to do this are:
- Analyse data privacy and data integrity risks associated with transferring data between applications.
- Encryption and authentication strategies appropriate for securing data transmissions and their differences.
- Factors and risks that affect data security, including confidentiality, integrity and availability, and privacy.
- Success criteria to appraise the implementation, e.g. protection, security and interactions.
Password DB Example - Security
|
Due to the nature of this project, it will not be possible to hash the passwords since they need to be displayed. This means that the only way to make the database secure would be to encrypt the entire database. Unfortunately, this is outside the scope of the current project which means that the data is not secure. Normally to improve the security passwords should be stored only after they have had salt added and then been hashed using an algorithm like MD5. The salt stops rainbow tables from working (Hill, 2021) and the MD5 algorithm is a one-way algorithm which means that hackers can only brute force the password.
That being said other security can be implemented in the system. The password can be changed, and it hasn't been hard coded. this allows users to update the password if it has been compromised. The password is hidden by default which prevents other people nearby from seeing your password. The database has been normalised which should reduce data anomalies from corrupting the database.
Since limited information is stored and it is only stored on the user's device there are no privacy laws to be concerned with. The risks are that someone will open up the database in another program and can then access all the passwords stored in the system. |