Is BLAST searching more "secure" by WWW form than by e-mail?

Warren Gish gish at host.nlm.nih.gov
Mon Aug 22 15:06:17 EST 1994


In article <Cus7zC.I57 at phibred.com> brookerg at phibred.com (Glenn Brooke) writes:
>     Earlier I asked about encryption of BLAST mail server queries, and
>learned that RIPEM is a supported method for BLAST (thanks!).  Someone
>also suggested that using a BLAST form via WWW would be more secure --
>is this true?  Why?  Thanks in advance,

WWW might be considered somewhat more secure than un-encrypted BLAST e-mail for
a few reasons.  First, if e-mail from your location is handled by one or more
mail relay computers on its way to/from the NCBI BLAST server, use of WWW
circumvents the relay computers and their associated security risks by providing
direct communications between your computer and the BLAST server.

Second, even if e-mail is sent directly between your location and the NCBI,
depending on how e-mail messages are handled at your location before
transmission, your query might exist at least transiently in a file somewhere
on the system awaiting transmission; and the search results returned by the
BLAST E-mail server may sit in a file for an indefinite period of time awaiting
your retrieval of them.  Either way, the query or the results could be read by
a system operator or intruder.  But an intruder might be able to rifle through
your files and grab your sequence data anyway.  The strength of security here
presumes proper configuration of the e-mail and other system software, assumes
difficult-to-guess choices have been made for system administrator and user
passwords, and assumes your files are not generally readable by anyone sharing
the same computer with you.

Despite efforts to avoid the above risks, given the proper software someone
with a simple PC attached to the network can peek at all data that passes along
the same network segment -- no cracking of passwords required.
passing data along numerous network segments and through numerous network
routers, all of which are potential points of attack.  If the transmitted data
are encrypted, though, depending on the strength of the encryption method
that was used, the data will be basically useless to a network eavesdropper.

Lastly, as mentioned earlier in this or a related thread, by using WWW the
risk of specifying an incorrect e-mail address is avoided.

Warren Gish
NCBI/NLM





More information about the Bio-soft mailing list