Can web site data be protected from access by the webmasters?
From: Skillman Hunter (ski@acrobyte.com)
Date: 06/29/02
- Next message: Russell Fields: "Re: Unauthorized due to ACL on resource"
- Previous message: BP Margolin: "Re: Permissions List"
- Next in thread: SQL Guy: "Re: Can web site data be protected from access by the webmasters?"
- Reply: SQL Guy: "Re: Can web site data be protected from access by the webmasters?"
- Reply: Morris Lewis: "Re: Can web site data be protected from access by the webmasters?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Skillman Hunter" <ski@acrobyte.com> Date: Sat, 29 Jun 2002 01:35:30 -0700
One of my client's was interested in a web site and has contracted with someone to do it.
The site basically is for magazine subscriptions.
I have advised the client to be wary of security.
The person doing the site for the client is in the same industry as the client's.
And that person is asking for the client's customer database.
"But I don't want to give out that information, it is worth it's weight in gold."
I replied "Who ever has control over the web site has access to all the information.
As time goes by, even without the current database, in a few years
as renewals accrue all the subscribers will be in the web database."
Client said "But it is going to be a SECURE web site."
I said, "Yes, secure to anyone that does NOT have access to the web pages and DB."
The web programmer involved is a friend of the person the client contracted with.
And client thinks that person is also the ISP.
Does anyone know of any way that a web site with SQL Server DB can be made
secure from the webmaster that created it?
A "secure" web site uses HTTPS/SSL encrypt the HTTP messages to and from the server
acting at the Presentation level of the socket software to prevent access
from outside the server, but not that the server DB would be encrypted.
I presume that data in SQLServer, or whatever DB is used can be encrypted.
But what happens to the data as it is tranmsitted to and from the DB to SSL?
Or one could not have a server DB at all and just have encrypted emails
sent to the client's office system - not efficient, but possible.
But I don't see that there could be any way to completely encrypt that data
in a way that the web site programmer or ISP would not have access to it.
Am I wrong?
I have advised the client to arrange for a third disinterested party to do the web site.
- Next message: Russell Fields: "Re: Unauthorized due to ACL on resource"
- Previous message: BP Margolin: "Re: Permissions List"
- Next in thread: SQL Guy: "Re: Can web site data be protected from access by the webmasters?"
- Reply: SQL Guy: "Re: Can web site data be protected from access by the webmasters?"
- Reply: Morris Lewis: "Re: Can web site data be protected from access by the webmasters?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
