Re: Securing the database from the DBA

• Previous message: Bruce Barnett: "Re: Safe to make credit card purchases over the web?"
• In reply to: Barry Margolin: "Re: Securing the database from the DBA"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 31 Mar 2004 02:50:29 GMT

Barry Margolin <barmar@alum.mit.edu> writes:

> If you really need a high level of checks and balances, I suppose you
> could implement something analogous to the way nuclear missiles are
> launched: two keys have to be turned simultaneously, and they're located
> far enough apart that one person can't do it by himself. Something
> analogous would be a requirement that two people in different rooms
> enter commands to disable the database logging/auditing policies.

There are also audit packages that can identify unauthorized database
access even if done by the DB admin him/her self - without them
knowing their actions are logged.

-- 
Sending unsolicited commercial e-mail to this account incurs a fee of 
$500 per message, and acknowledges the legality of this contract.

• Previous message: Bruce Barnett: "Re: Safe to make credit card purchases over the web?"
• In reply to: Barry Margolin: "Re: Securing the database from the DBA"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]