Awesome, thanks for the kind words! Happy to help
Nonetheless.. I appreciate your prompt, detailed, technical responses and that makes me and my team more confident in using BaseX in present and similar future scenarios. I'd keep you all posted on the progress we make on this proof of concept and the pathway to productize this.
Regards, N.D.
On Fri, Sep 26, 2014 at 1:34 PM, Dirk Kirsten dk@basex.org wrote:
Hello Nilanjan,
thanks; this explanation helped and I think I now fully understand your requirements and application. Still, I would argue that encryption is not necessary and not what you really need.
You would use encryption if a user is not allowed to see some information. However, in your case you want your user to use this information, not as the plain file but via your application instead. So this is an access control problem, not an encryption problem.
How do you plan to read these XML files later? I would guess you use BaseX for this as well (and if not I would recommend it for this scenario). So instead of just sending the user the zipped version of the XML files, require them to load this XML data in BaseX. As Marco has pointed out, the XML files are then parsed and stored in a binary format. If you open them using a text editor, you will just see scrambled data. The same would be true for opening an encrypted zip file, so there is really no difference in terms of tampering from your users.
You could encrypt parts of your XML using our cryptographic module (http://docs.basex.org/wiki/Cryptographic_Module), although this suffers from the same problem as your original encryption idea: It would not be truly secure, because you have to store the key somewhere. As you want to decrypt the data at some point, you need the key. As you have no online connection, the key has to be stored where the application is stored, i.e. your user will always be able to access this key (it might be more complicated if you obfuscate it, but it adds no theoretical value). So if it adds nothing, why bother using it?
Cheers, Dirk
On 09/25/2014 07:45 PM, Nilanjan Dutta wrote:
These XML files actually would contain some algorithm which would help him to decode and analyse some log files. So the necessity of making these XML file encrypted is even more important for us.
Regards, N.D.
On Thu, Sep 25, 2014 at 11:13 PM, Nilanjan Dutta < nilanjan.dutta.india@gmail.com> wrote:
Thanks again for the detailed response.
Yes Dirk, in this data transfer module of the project the use case is like this: We create some data (in this case it is that xml) in server and dump it into the client machine. This XML data he uses to analyse some log files which he would mostly get from a remote location. So for him, this XML data works like a knowledge-base to analyse that log file. During this analysis he may or may not be connected to the internet (he may even choose to be offline, as per requirement) and hence we need to enable him having the XML data in his local always. As and when we get any update on the XML data we use this module to automatically update his/her local knowledge base through that service (wcf) too.
I also understand that these files are not accessible in normal way without BaseX, but to avoid any data loss by any means, wanted this to be encrypted in such a way that without programmatic intervention they can never be opened.
Regards, N.D.
On Thu, Sep 25, 2014 at 6:11 PM, Dirk Kirsten dk@basex.org wrote:
So, if I understand you correctly, you have not a real client/server application in a way that your application simply sends queries to a server, but instead your server does some processing and then exports files to a user. Is this correct?
And you want these processed XML files to be zipped and encrypted? I think our ZIP module (see https://docs.basex.org/wiki/ZIP_Module) does not support encryption (this could be an interesting extension for the EXPath spec), so you might want to use some 3rd party tool to put your exported XML files into an encrypted zip file.
I am quite surprised by this unusual environment. Is there any reason why you want your XML data to be exported to the user instead of simply having all your data at the server and the client just accessing the data? I could only imagine this useful in a scenario with limited connectivity to the database server (e.g. a mobile application).
On 25/09/14 14:33, Nilanjan Dutta wrote:
Sorry if I'm not able to clear the confusion.
It's not the source XML files which I want to encrypt. I want to encrypt the resulting DB files - which I'd get after feeding the original XML file to BaseX - instead. And I don't want my users to be able to access those DB files when it reaches to the client machine and stays there. Server he can not access since it is protected with authentication protocol. What this triple DES encryption does is it makes it inaccessible.
e.g. I created one xml file and encrypted it with triple DES file and zipped it and placed in one of my client's machine. When he tries to open the zip he gets this message: [image: Inline image 1]
I'm looking for something similar that makes those DB files inaccessible in client's machine.
Regards, N.D.
On Thu, Sep 25, 2014 at 5:54 PM, Dirk Kirsten dk@basex.org wrote:
> I still don't really get it. Maybe it is just me, but I don't get the concept. ".NET Triple DES encryption" to me is just a standard encryption algorithm and does not describe any concept to me (I have no knowledge of .NET, but google didn't indicate otherwise).
>
> It seems like you don't want your users to directly access your XML documents, at least that is the point of encryption in your case I guess. But why do you not simply not give them access to the data? The user can't do anything with encrypted data, so it should be sufficient if the user simply has no access to the data.
>
> Encrypting them on the server seems not very beneficial to me. If you encrypt XML files, they will not be XML anymore, so you would have to store them as binary (hence, you couldn't use XQuery anymore to access the data directly, instead for each query you would have to decrypt the data, parse it and then you could query it).
>
> So if just your application should be able to access the XML documents, simply just give your application user credentials to access the documents on the server. What would be the point of your users being able to access the server, when they are unable to do anything with the encrypted data?!
>
> Cheers,
> Dirk
>
> On 25/09/14 14:12, Nilanjan Dutta wrote:
>> Not exactly.. Idea is to generate those Db files in server by feeding the XML. And I'd zip the resulting database files and push it to the client through wcf service.
>>
>> Here I want to encrypt these DB files in server and send and while reading those DB files in the client I want to decrypt it programmatically. For user, without running my application, it must remain encrypted. By doing this, I want to prevent my users playing with those DB files by any means. Something similar to .NET Triple DES encryption.
>>
>> Regards,
>> N.D.
>>
>> On Thu, Sep 25, 2014 at 5:33 PM, Dirk Kirsten dk@basex.org wrote:
>>
>>> Hi Nilanjan,
>>>
>>> double praise for Marco is well-deserved - We always appreciate user feedback on the mailing list!
>>>
>>> I don't really get what you want to achieve with this kind of encryption. Do you want your user to be unable to modify the XML documents at your server? Then you could simply give them an account with read permissions only.
>>>
>>> Cheers,
>>> Dirk
>>>
>>> On 25/09/14 13:55, Nilanjan Dutta wrote:
>>>> My bad. I meant Marco and Dirk. Thanks once again :)
>>>>
>>>> Regards,
>>>> N.D.
>>>>
>>>> On Thu, Sep 25, 2014 at 5:24 PM, Nilanjan Dutta <nilanjan.dutta.india@gmail.com> wrote:
>>>>
>>>>> Thanks Marco and Marco for your prompt response.
>>>>> So that is OK now - I have to configure the client instance with a db path for those files and it should work.
>>>>> Now one more concern is, is there a way I can encrypt those files while pushing them to clients from the server? And decrypt in the client code? Or do I rely on some 3rd party tool to do that? I don't want my users to play around those files at all.
>>>>>
>>>>> Regards,
>>>>> N.D.
>>>>>
>>>>> On Thu, Sep 25, 2014 at 4:04 PM, Marco Lettere <marco.lettere@dedalus.eu> wrote:
>>>>>
>>>>>> Hi Nilanjan,
>>>>>> I've done something similar and it works.
>>>>>> I even use rsync for synchronizing database directories calling it from the xquery proc module.
>>>>>> Just it has to be done when no access to the data is occurring because there could be consistency issues arising.
>>>>>> Regards,
>>>>>> M.
>>>>>>
>>>>>> On 25/09/2014 12:16, Nilanjan Dutta wrote:
>>>>>>
>>>>>> Hello Team,
>>>>>>
>>>>>> In our project we are planning to use BaseX as XML DB.
>>>>>>
>>>>>> My main concern is, we don't want to create DB again and again to different machines with same XML file as input and would like to reuse the DB that we'd generate in a server.
>>>>>>
>>>>>> I see in the "data" directory of my BaseX installation these files are generated when I create a DB by importing an XML:
>>>>>>
>>>>>> [image: Inline image 1]
>>>>>> Would like to know if these can be zipped and ported into different machines and can be used to recreate the DB. Please do let me know how this can be done.
>>>>>>
>>>>>> Regards,
>>>>>> Nilanjan Dutta
>>>
>>> --
>>> Dirk Kirsten, BaseX GmbH, http://basex.org
>>> |-- Registered office: Blarerstrasse 56, 78462 Konstanz
>>> |-- Registration court Freiburg, HRB: 708285, Managing directors:
>>> |   Dr. Christian Grün, Dr. Alexander Holupirek, Michael Seiferle
>>> `-- Phone: 0049 7531 28 28 676, Fax: 0049 7531 20 05 22