In the traditional form, a password database is similar to any other database file, except the contents are encrypted using a key derived from a passphrase entered by the user. The user enters their passphrase, decrypts the database, reads some entries, writes/changes some other entries, re-encrypts the database and writes it back to disk.
Say we wanted to extend this concept to a shared environment. Say our database has ten entries (0 through 9) and three users (Alice, Bob, and Carl), each with their own unique passphrase. To further complicate the scenario, Alice should be able to access all the entries, Bob should only be able to access entries 0-4, and Carl should only be able to access entries 5-9. If Alice changes one of the entries, Bob or Carl should see the updated value (if they have access). If Bob or Carl changes one of the entries that they have access to, Alice should see the updated value.
I'm curious if there is a way something like this could be implemented securely. All the approaches I've been able to come up with either require there being some sort of "master" key being stored alongside the database, thus leaving a big opportunity for anybody who gains access to the filesystem or memory of the server -- or storing a uniquely encrypted copy of each set of entries for each user. But that would break the scenarios where one user needs to update a value in a way that the other users can see.
Is there a way to do this, or some subtle way the requirements could be tweaked to make the system less paradoxical?
Aucun commentaire:
Enregistrer un commentaire