Re: Re: Encrypt database table

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Philip Thompson wrote:

> I understand what you're saying, but I don't completely agree with
> this. What happens when the DBA has a table of names and SSNs on
> screen and then gets up from his desk to run to the bathroom? In the
> fear that he may ruin is best slacks (err, jeans), he forgets to close
> the DB viewer or lock his desktop. Mr. ShouldntBeInHere walks by, sees
> the monitor of data and takes a picture with his new iPhone 3G and
> keeps walking. Well, now he just grabbed 50 names and SSNs. Uh oh!

1) the DBA should not have read access to sensitive customer data. He
only does database admin after all.
2) it should be standard procedure to manually lock the screen, and
3) have an automatic lock after e.g. 5min. 
4) if you have a Mr. ShouldntBeInHere in your datacenter, your security
has failed elsewhere. 

Ad 2) - I worked in banking IT some 20 years ago, and not locking your
screen when you were away from your desk was a sackable offence. 



/Per Jessen, Zürich


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux