IT Security
Steve Jones
SSC Guru
Group: Administrators
Points: 62941 Visits: 19111
Comments posted to this topic are about the item IT Security

Follow me on Twitter: @way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com
Jeff Moden
SSC Guru
Group: General Forum Members
Points: 86584 Visits: 41098
Let's talk about the "other side" of security.

From what I've seen on these very forums, most companies shouldn't be allowed to be in business never mind write even a single line of code. How many times have we seen people with query requests where the SSN, TIN, Credit Card numbers, and other personal information are stored in clear text? Even storing the "last 4 digits" and someone's birthdate in clear text is a violation, in my eyes. You can do a whole lot of damage with just those two pieces of information if you're dedicated to the art of invasion.

As for "allow shoddy code", that's totally wrong. They INSIST on shoddy code because "it takes too long to do it right". Crazy

Enforcement is stupid, as well. I worked for one company that repeatedly failed PCI compliance but they were still allowed 2 whole years to get their act together. My feeling is that such compliance should be achieved and certified by proper authority BEFORE anything hits production. But, NO, that would slow things down too much.

Don't get me started on all of the information, like SSN's, etc, that we have to give up just to get the lights turned on in the house or to procure other simple services. It's ridiculous and so is the way a whole lot of supposed reputable companies/hospitals, etc handle the data.

I guess that qualifies as a "rant", huh?

--Jeff Moden

RBAR is pronounced ree-bar and is a Modenism for Row-By-Agonizing-Row.
First step towards the paradigm shift of writing Set Based code:
Stop thinking about what you want to do to a row... think, instead, of what you want to do to a column.
If you think its expensive to hire a professional to do the job, wait until you hire an amateur. -- Red Adair

Helpful Links:
How to post code problems
How to post performance problems
Forum FAQs
Steve Jones
SSC Guru
Group: Administrators
Points: 62941 Visits: 19111
Jeff Moden (10/5/2013)
...
I guess that qualifies as a "rant", huh?

Yep, and I agree.

John Hanrahan
SSC Eights!
Group: General Forum Members
Points: 807 Visits: 1464
Jeff's "rant" sure hits home. I think it's only going to get better when the data owners are going to be held accountable whether it's through insurance, criminal proceedings or maybe social media/economic hurt. It feels like a house of cards.
David.Poole
SSCertifiable
Group: General Forum Members
Points: 7647 Visits: 3286
Steve Jones - SSC Editor (10/6/2013)
Jeff Moden (10/5/2013)
...
I guess that qualifies as a "rant", huh?

Yep, and I agree.

Ditto from me.

LinkedIn Profile

Newbie on www.simple-talk.com
TomThomson
SSChampion
Group: General Forum Members
Points: 14342 Visits: 12197
David.Poole (10/8/2013)
Steve Jones - SSC Editor (10/6/2013)
Jeff Moden (10/5/2013)
...
I guess that qualifies as a "rant", huh?

Yep, and I agree.

Ditto from me.

I agree too. But Jeff understated it: this stuff needs serious penalties, and insurance premiums won't be painful enough to make anything happen. In Europe we have some legislation, but the sticks consist of fines which are rarely imposed and anyway are generally at a level which is peanuts compared to the daily profits of the offending companies or the daily money wasted in government bureaucracies which also spill all sorts of data, plus getting your incompetence documented in the newspapers. We need hard laws about what data needs to be protected properly and jail time for the directors (US English: vice presidents) responsible for the mess, because just about all the data on the planet is totally unprotected and will stay that way until it costs real pain to fix it.

Tom
