Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
If encrypted data is stored on a server, and decryption key is disseminated to the legitimate users (through email), is there a need to implement access control policies?
What could be a possible scenario where I need both of them (if decryption key is only available to the legitimate users)?
Access control and authentication are two separate modes of security. Depending on your needs, you may need one or both.
Encrypting data on the server, and then disseminating the key, is arguably a form of authentication, since (at least in theory) knowing the key proves that you are a legitimate user.
Access control would be more along the lines of giving different levels of access to different users — for instance, access to general documents for most users with a key and access to privileged data for a select few users.
Ultimately, you have to evaluate your needs and decide on which modes you require.