Fallback on database compromise/errors

[BlackRose01]

You may want to consider creating a table in the Arrowhead database that is write-only and contains hash/encrypted information about each system in the system_ table.

The basic idea here is that a core system is always able to verify the connection data of a system in the system_ table. This can be, for example, when an orchestration is requested. Among other things, this is intended to increase data integrity but also to counteract compromises.

In case of a compromise or error, a core system can restore the system information from the table.

Hope it will enhance the security.

KR, BlackRose01

[emanuelpalm]

I had a similar idea in https://github.com/arrowhead-f/core-java-spring/issues/192#issuecomment-616382525, but for another reason (avoiding stale data).

[tsvetlin]

@BlackRose01 This idea is confusing for me. Could you please explain it in detail?

[BlackRose01]

Hi,

my idea follows the basic idea: "Is the system information from the system_ table correct and not compromised?" For example, let's assume that for some reason a foreign person got access to Arrowhead's tables. Now this person could change relevant system information and thus the orchestrator is delivering information (systems/services) that is potentially dangerous.

So my idea would be that when you create an entry in the system_ table, you automatically create a hash over the entry, which is then stored in a column or table that only allows reads and adds. This way the orchestrator is able to identify compromised entries and subsequently delete or ignore them.

This is not an absolute solution to improve security, but it could help.

[tsvetlin]

See: https://www.mysql.com/why-mysql/presentations/mysql-security-best-practices/

[BlackRose01]

The question I always have to ask the orchestrator is whether the data I am getting is correct and reliable. So the best practices are not suitable for all companies and not all companies can implement that because of budget and a shortage of employees (e.g. small/medium sized companies).

[borditamas]

How you prevent if someone got access to the DB than won't be able update also the check sum?

[borditamas]

Should be considered in v5