|
|
Sponsored Content
Special Forums
Cybersecurity
IT Security RSS
Integrity
Post 302465463 by Linux Bot on Friday 22nd of October 2010 01:15:03 PM
10-22-2010
Integrity
As professionals, we focus a great deal on integrity, both professional/personal, as well as data integrity. However, I think the two are intertwined inexorably. But, that's a post for a different time.
For now, about data integrity, particularly data feed integrity.
I've asked business partners, colleagues, peers and vendors, and get the same answer, I don't think it's just me. Developers and system integrators have gotten so lazy and used to reliable communications, that it seems developers no longer consider data integrity components of value when developing their applications and reading/writing external resources. This, naturally, creates a ripe target for vulnerability exploits through the use of fuzzers, and also a soft-underbelly that seems rather easily missed by testers.
So, pardon the curmugeonly stance, but I'm crying fowl1. Developers MUST get their ducks in a row when it comes to data integrity! Batch totals, hash totals, trial sums, header/trailer records, file locking and semaphores, validation on access of any resource, record counts, signed hash, all of these are necessary, yet it seems a lost art.
What is your experience? Do you also find developers and integrators woefully deficient in ensuring processing file integrity?
1- yes, spelling is intentionally munged. Please don't comment and cry foul. Or fowl.
More...
For now, about data integrity, particularly data feed integrity.
I've asked business partners, colleagues, peers and vendors, and get the same answer, I don't think it's just me. Developers and system integrators have gotten so lazy and used to reliable communications, that it seems developers no longer consider data integrity components of value when developing their applications and reading/writing external resources. This, naturally, creates a ripe target for vulnerability exploits through the use of fuzzers, and also a soft-underbelly that seems rather easily missed by testers.
So, pardon the curmugeonly stance, but I'm crying fowl1. Developers MUST get their ducks in a row when it comes to data integrity! Batch totals, hash totals, trial sums, header/trailer records, file locking and semaphores, validation on access of any resource, record counts, signed hash, all of these are necessary, yet it seems a lost art.
What is your experience? Do you also find developers and integrators woefully deficient in ensuring processing file integrity?
1- yes, spelling is intentionally munged. Please don't comment and cry foul. Or fowl.
More...
|
|
8 More Discussions You Might Find Interesting
1. Solaris
Hi,
I have two NFS shares mounted on a solaris system.
share1 and share2 , both are from different NFS servers
share1 has 500GB of data
share 2 is empty. I am copying all the data from share1 to share2.
It is like migrating the data from one NFS share to another.
Is there... (8 Replies)
Discussion started by: athreyavc
8 Replies
2. Cybersecurity
Hello friends
I have an CentosOS 5 box running Apache, I want to Install a powerful File Integrity checker with recovery option to maintain any changes may be happened without my hand
Could you help me to recommend such solution
Thanks (3 Replies)
Discussion started by: reaky
3 Replies
3. Shell Programming and Scripting
Hi everyone,
I have a script that takes command line entries, for example
# script.sh 1 "2" 3 4 "5"
I want to be able to maintain the integrity of this command line such that it is processed with the double quotes i.e.:
VAR1=1
VAR2="2"
VAR3=3
VAR4=4
VAR5="5"
The double-quotes... (2 Replies)
Discussion started by: procux
2 Replies
4. Shell Programming and Scripting
Hi friends
I need copied 100gd of data to other Solaris server. Could anyone help me guiding appropriate way of checking data integrity at source and destination so can I delete the data at source location . How can print/check cksum of individual file in each folder and match it with... (7 Replies)
Discussion started by: hk_kamozalwar
7 Replies
5. UNIX for Dummies Questions & Answers
How can I ensure the folder that I tar and compress is good to be archive in DVD or tape? Must I uncompress and untar the file, or there is any way to tell the integerity of the compressed file before send to archive? I have bad experience on this, which the archive compressed file cold not be... (2 Replies)
Discussion started by: vivien_chu
2 Replies
6. HP-UX
Hello,
I am looking into HP-UX 11.31 VMs and I had a few questions.
We own two systems with 11.31 installed on them:
HP 9000 rp3440 (RISC)
- 2gb memory
- 2 processors
HP Integrity rx2660 (Itanium)
- 8gb memory
- 4 processors
Looking at the memory requirements in the Integrity VM... (4 Replies)
Discussion started by: bstring
4 Replies
7. UNIX for Dummies Questions & Answers
Hello
I thought of different ways of integrity check for the backup and look for the fastest approach to start programming.
in all these approaches randomness is used.
I would appreciate if someone give more suggestions or correct me.
1- Machine Name Check We can check if the machines were... (5 Replies)
Discussion started by: frhling
5 Replies
8. HP-UX
Hi
I bought an old server hp rx4640 for 160$ on the online auction, but I do not have the cd with the operating system for it.
Can you tell me if there is any way to obtain CDs with HP-UX form HPE?
What kind of version can I get from HPE? Do I have to pay for it?
Do you I have to buy a cd... (3 Replies)
Discussion started by: gbudny
3 Replies
LEARN ABOUT XFREE86
systemd-veritysetup-generator
SYSTEMD-VERITYSETUP-GENERATOR(8) systemd-veritysetup-generator SYSTEMD-VERITYSETUP-GENERATOR(8) NAME
systemd-veritysetup-generator - Unit generator for integrity protected block devices SYNOPSIS
/lib/systemd/system-generators/systemd-veritysetup-generator DESCRIPTION
systemd-veritysetup-generator is a generator that translates kernel command line options configuring integrity protected block devices (verity) into native systemd units early at boot and when configuration of the system manager is reloaded. This will create systemd- veritysetup@.service(8) units as necessary. Currently, only a single verity device may be se up with this generator, backing the root file system of the OS. systemd-veritysetup-generator implements systemd.generator(7). KERNEL COMMAND LINE
systemd-veritysetup-generator understands the following kernel command line parameters: systemd.verity=, rd.systemd.verity= Takes a boolean argument. Defaults to "yes". If "no", disables the generator entirely. rd.systemd.verity= is honored only by the initial RAM disk (initrd) while systemd.verity= is honored by both the host system and the initrd. roothash= Takes a root hash value for the root file system. Expects a hash value formatted in hexadecimal characters, of the appropriate length (i.e. most likely 256 bit/64 characters, or longer). If not specified via systemd.verity_root_data= and systemd.verity_root_hash=, the hash and data devices to use are automatically derived from the specified hash value. Specifically, the data partition device is looked for under a GPT partition UUID derived from the first 128bit of the root hash, the hash partition device is looked for under a GPT partition UUID derived from the last 128bit of the root hash. Hence it is usually sufficient to specify the root hash to boot from an integrity protected root file system, as device paths are automatically determined from it -- as long as the partition table is properly set up. systemd.verity_root_data=, systemd.verity_root_hash= These two settings take block device paths as arguments, and may be use to explicitly configure the data partition and hash partition to use for setting up the integrity protection for the root file system. If not specified, these paths are automatically derived from the roothash= argument (see above). SEE ALSO
systemd(1), systemd-veritysetup@.service(8), veritysetup(8), systemd-fstab-generator(8) systemd 237 SYSTEMD-VERITYSETUP-GENERATOR(8)