1

Imagine a CMS with authentication where the author of each article has to be stored in the database. Now I want to make it harder to analyze (by crawling or stealing the database) who has written which article, while at the same time keeping that information for each user, so each user can see which articles he has written but not which articles where written by others.

Is such a system possible?

One idea is to generate a large number of "fake" users that are associated with an original user. When he posts, one of the fake users may be stored as the authors instead of his real id. However, the association has to be stored securely/encrypted somehow and the only way I can imagine this at the moment is encrypting this info with the user password. If the users chose weak passwords, the association information can be brute-forced when the database is stolen.

Any other ideas?

chiborg
  • 643
  • 1
  • 6
  • 12
  • do you mean that if someone has unauthorized access to your database, he still should not be able to find out which user wrote which article? you could storethis information (name of the author) encrypted and store the key for decrypting somewhere else. if the attacker will be able to gain this key as well, then there'S something wrong with your security and i would be concerned in general... – Philipp Murry Jun 18 '14 at 22:03
  • I was always imagining "If someone can steal the database", he will most likely be able to steal any file on the computer. So I'm quite reluctant to just encrypt the info and keep the decryption key on the same machine. Any tips on how to keep them on the same machine in a secure fashion? – chiborg Jun 18 '14 at 22:09
  • 1
    if the attacker only has access to the database but no control over the process that reads the key (like the webserver), then you could store the key file on the machine. if the attacker controls the whole application, then he can gain the author information by just repeating what the application would do. i don't know how you would be able to detain an attacker from getting sensitive information without adding another layer of security. you're essentially asking "how can i prevent an attacker from reading my information when he has access to all my information" – Philipp Murry Jun 19 '14 at 07:11

0 Answers0