Channel: Invariant Properties » security
Browsing all 29 articles

Using rlimit (And Why You Should)

I’ve been going through some old notes and came across a reminder of setrlimit(2). This is a C system call that allows an application to specify resource limitations on a number of important...



Database Threat Models

I finally have a breather and can start working through my backlog of ideas. I start with some background that will make the motivation for subsequent posts clearer. What are the threat models for the...



Adding OpenSSL User-Defined Types to PostgreSQL

PostgreSQL supports user-defined types (UDT). These types can be used to provide type-safety on user-defined functions when we would otherwise be forced to use simple BLOB objects. This comes at a...


Signing Digital Certificates with OpenSSL Library

While working on the pgopenssltypes extension I realized that I haven’t discussed how to sign digital certificates using the OpenSSL library. (At least I don’t recall doing so – I might have discussed...


Lessons from BIBIFI

I haven’t posted in a while since I’ve been very busy. Coursera classes on computer security, cloud computing and geospatial technologies, corporate initiatives, even an Amazon Web Services...



Auto-encrypting Serializable Classes

A crazy idea came up during the post-mortem discussions in the Coursera security capstone project. Can a class encrypt itself during serialization? This is mostly an academic “what if” exercise. It is...


An Alternate Way To Get A Key: Key Servers

I’ve previously mentioned providing an encryption key via a JNDI value provided by an appserver, or better yet splitting the key between that JNDI value and a file outside of the webapp directory. A...


Storing X.509 Digital Certificates (And Other Messy Things)

We often need to store structured binary data in our database – images, pdf documents, etc., but also have a need to search by, or index on, attributes of that data. E.g., we might store the height and...



Why You Should Encrypt ALL Personally Identifiable Information (PII)

Many critics have pointed out that Ashley Madison should have encrypted all personally identifiable information (PII). The database contained sensitive information that would cause harm to users if it...

