Commit 2761e060 authored by Bengfort's avatar Bengfort
Browse files

rm data separation subheadings

parent a33e2784
......@@ -88,11 +88,8 @@ Similar to how a study membership allows a user to access a specific study,
users need to be authorized to access specific resources and :ref:`general
domains <general-domains>`. This can only be done by administrators.
Data separation
---------------
Implementation
~~~~~~~~~~~~~~
Database separation
-------------------
We chose to split the data into three different categories:
......@@ -102,20 +99,16 @@ We chose to split the data into three different categories:
- Contact data is also handled in castellum, but in a separate database
to provide an additional barrier.
Security Considerations
~~~~~~~~~~~~~~~~~~~~~~~
The described architecture provides a clear structure for developers
that should help avoiding critical data leaks. Even if an attacker is
able to dump a whole table or even a whole database, this structure
still limits the impact.
Storing contact data in a separate database provides a clear structure for
developers that should help avoiding critical data leaks. Even if an attacker
is able to dump a whole table or even a whole database, this structure still
limits the impact.
However, it is important to understand that the barrier between
recruitment and contact data is not that high. Since castellum has full
access to both, an attacker can also gain full access. Spreading the
system across several databases on different servers or even in
different organizations does not help much if there is still a single
point of entry.
However, it is important to understand that the barrier between recruitment and
contact data is not that high. Since castellum has full access to both, an
attacker can also gain full access. Spreading the system across several
databases on different servers or even in different organizations does not help
much if there is still a single point of entry.
Monitoring
----------
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment