I'd still set up a web server at the customer site in their server room
where there is some physical security. If you can't trust anyone at the
customer site, you don't have much hope.

You'd still want the kiosk to be a web browser and then you'd spend all
of your efforts securing the web server. The full disk encryption I've
heard about it requires someone to be there to enter the password at
boot time.

Hugh

Ahmed Kamal wrote:
> Well, the situation is complicated, but basically the code and data have to
> live on the customer's side. Please assume that and let me know of any
> tweaks I can use to protect against (or make difficult) data theft off of
> that
>
> On Jan 18, 2008 6:18 PM, Hugh Brown <hbrown@(protected):
>
>> The data is your concern. None of the data that you care about should
>> live on the kiosk box, ever.
>>
>> The usual way of dealing with this is to have the kiosk box be a web
>> browser and nothing else. When the kiosk boots, it automatically starts
>> a web browser. If someone exits out of the browser, there's a minimal
>> windowing environment that can't do anything else but restart the web
>> browser.
>>
>> The web browser points to a web server that you control. The web server
>> has your code and it is written well and securely so that data leaks
>> can't happen. The database lives on a box separate from the web server
>> and only the web server can talk to it.
>>
>> How exactly do you envision data theft?
>>
>> HTH,
>>
>> Hugh
>>
>> Ahmed Kamal wrote:
>>> oh! No, the hardware is *not* my concern. It's the data! Let me quickly
>>> recap. Let's try points this time
>>>
>>> - The Linux system I build will be on someone else's network (mostly
>> other
>>> potentially hostile companies)
>>> - The system provides a web interface to a database that users should
>> access
>>> & use
>>> - The users should not be able to steal/mount the disk, to dump my
>> database
>>> or look at my code
>>> - I know such setup will never be 100% secure, I just need to make
>> stealing
>>> the data as hard as possible
>>>
>>> Hope that's clear. I apologize if I was not too clear earlier
>>>
>> _______________________________________________
>> rhelv5-list mailing list
>> rhelv5-list@(protected)
>> https://www.redhat.com/mailman/listinfo/rhelv5-list
>>
>>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> rhelv5-list mailing list
> rhelv5-list@(protected)
> https://www.redhat.com/mailman/listinfo/rhelv5-list

--
System Administrator
DIVMS Computer Support Group

University of Iowa
Email: hbrown@(protected)
Voice: 319-335-0748

_______________________________________________
rhelv5-list mailing list
rhelv5-list@(protected)
https://www.redhat.com/mailman/listinfo/rhelv5-list