50 Ways to Confuse, Worry, or just Scare People in a computer lab.

  • Comments posted to this topic are about the content posted at http://www.sqlservercentral.com/columnists/sjones/funny41.asp

  • I agree with your points that it's not an easy (especially not for hit and try) thing to do and to stop Sys Admin using data from the DB. In my view it involves some kind of management which makes sure that at least no internal personnel who have no need to access the data are allowed.

    The other way is Make Your Own RDBM Server Application or Database Engine (well who knows that one may become a competitor to SQL Server or Oracle ....?).

  • Thanks. The only way I have seen is encryption and even then, it's not an easy thing to do.

    Steve Jones

    steve@dkranch.net

  • What happened here? Is 50 Ways to Confuse, Worry, or just Scare People in a computer lab really the same article as Worst Practices - Data Encryption? It sure appears that way on my computer, yet I was expecting a humor article.

  • As long as I'm posting on this topic... You make some good points here. What do you propose for the company that has just a little bit of sensitive information, such as credit card numbers? They aren't going to encrypt massive amounts of data, but might want to encrypt that one field. Yet, they'll probably need to retrieve it to use again when the customer returns.

  • Yikes, yes somehow our data got crossed.

    This should be fixed shortly.

    OK, so encryption doesn't easily work. Here's what I recommend for something like Credit cards.

    1. DO NOT connect the db to the Internet or any public network. I use multi-homed web servers and the db is never directly accessible from the Internet.

    2. Use asymmetric encryption. PGP is the free one, but there are lots of solutions out there to allow you to build an asymmetric solution. Store the public key on the web server for storing the data and the private key on an internal server that will handle the processing. This keeps the "decryption" key 2 computers behind the Internet. Be sure you escrow a copy of this private key somewhere offline, tape, CD, etc.

    3. If you must store the credit card in the db, I'd remove select/update rights from it for the web server. Use a separate server to auth the transaction and a separate user/role to do this that has select rights.

    Steve Jones

    steve@dkranch.net
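
The key split described in point 2 above, as an added example that is not part of the original post. It uses OpenSSL RSA-OAEP in place of PGP; the function names, file names and the test card number are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added illustration: public key on the web tier, private key on the
# internal processing server. All names and values here are constructed.

# Internal server: generate the pair. Only public.pem is copied to the web
# server; private.pem stays here, with an escrow copy kept offline.
make_keypair() {   # $1 = directory for the key files
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
      -out "$1/private.pem" 2>/dev/null
  chmod 600 "$1/private.pem"
  openssl pkey -in "$1/private.pem" -pubout -out "$1/public.pem"
}

# Web server: encrypt the card number before it is written to the db.
# Output is single-line base64, suitable for a varchar column.
encrypt_pan() {    # $1 = public key file, $2 = card number
  printf '%s' "$2" | openssl pkeyutl -encrypt -pubin -inkey "$1" \
      -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 \
    | openssl base64 -A
}

# Internal server: decrypt a stored value for processing.
decrypt_pan() {    # $1 = private key file, $2 = base64 ciphertext
  printf '%s\n' "$2" | openssl base64 -d -A \
    | openssl pkeyutl -decrypt -inkey "$1" \
      -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256
}

demo() {
  dir=$(mktemp -d)
  make_keypair "$dir"
  pan='4111111111111111'                     # constructed test number
  stored=$(encrypt_pan "$dir/public.pem" "$pan")
  echo "db column value: $stored"
  # The web tier holds only public.pem, so a decrypt attempt there fails.
  if decrypt_pan "$dir/public.pem" "$stored" >/dev/null 2>&1; then
    echo "unexpected: public key decrypted the value"
  else
    echo "web tier cannot decrypt"
  fi
  echo "internal server recovers: $(decrypt_pan "$dir/private.pem" "$stored")"
  rm -rf "$dir"
}

demo
```

OAEP padding is randomized, so the same card number encrypts to a different value each time and the stored column cannot be used for equality lookups.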

  • The rating scale can't do justice to this mindless spew! Nothing funny here, and an undercurrent of misanthropic, latent violence lurks.

  • Sorry you don't like it. It's just an attempt at humor.

    Steve Jones

    steve@dkranch.net

  • I liked your funny article, especially numbers 1, 22 and 32.

    Robert Marda

    Robert W. Marda
    Billing and OSS Specialist - SQL Programmer
    MCL Systems

  • Thanks. Glad someone liked it.

    Steve Jones

    steve@dkranch.net

  • This kind of reminded me of the things we did when I was at college - number 5 especially if an artsie type course was next in there to do their mandatory computer awareness!

  • Steve - you been writing spew again? I TOLD you to turn the humor checker on!

    Andy

  • Sorry. When my water pipe broke last week I got confused

    BTW, these would be great for your fraternity brothers!!!

    Steve Jones

    steve@dkranch.net

  • HAHA. :) :D .. Steve, very nice points. It is very humorous. :D

    I tried out these points from my friend in my office.

    But he was rewarded as 'Unstable minded person', I don't know the exact English word,

    In our language we call 'Paithiyam'. Fortunately I escaped. :P

    karthik
