[Cisspstudy] Databases and cryptography

[Andrea Gatta]

Hi there,
I am wondering if anyone could shed a light on the following question (and
answer):

In terms of databases, cryptography can:

- only restrict and reduce availability

- improve availability by allowing data to be easily placed where authorized
users can access it

- improve availability by increasing the granularity of the access controls


- neither reduce or improve availability


As far as the author of the question is concerned the correct answer is:
"improve availability by allowing data to be easily placed where authorized
users can access it"

The only reason I can think of for the answer to have a sense is that
cryptography protects a resource from unauthorized users access through the
mean of concealing its content.

With a very long shot one could say that the resource would be "available"
just to authorizaed users. Which means that this question uses
"availability" in a very extensive - and I would add divious - way.

As far as I am concerned encryption does provide confidentiality and
integrity as natural security services.

Thoughts ?

Thanks
Andrea
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20090920/84a1a000/attachment.html>