Re: Can web site data be protected from access by the webmasters?
From: SQL Guy (SQLGuy@EarthLink.Net)
Date: 06/30/02
- Next message: SQL Guy: "Re: sql agent permission"
- Previous message: Russell Fields: "Re: Unauthorized due to ACL on resource"
- In reply to: Skillman Hunter: "Can web site data be protected from access by the webmasters?"
- Next in thread: Skillman Hunter: "Re: Can web site data be protected from access by the webmasters?"
- Reply: Skillman Hunter: "Re: Can web site data be protected from access by the webmasters?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "SQL Guy" <SQLGuy@EarthLink.Net> Date: Sat, 29 Jun 2002 21:30:11 -0700
It's possible, but why bother? Just find a company which is not interested
in the data.
"Skillman Hunter" <ski@acrobyte.com> wrote in message
news:#f4Cxe0HCHA.1748@tkmsftngp13...
> One of my client's was interested in a web site and has contracted with
someone to do it.
> The site basically is for magazine subscriptions.
> I have advised the client to be wary of security.
> The person doing the site for the client is in the same industry as the
client's.
> And that person is asking for the client's customer database.
> "But I don't want to give out that information, it is worth it's weight in
gold."
> I replied "Who ever has control over the web site has access to all the
information.
> As time goes by, even without the current database, in a few years
> as renewals accrue all the subscribers will be in the web database."
> Client said "But it is going to be a SECURE web site."
> I said, "Yes, secure to anyone that does NOT have access to the web pages
and DB."
> The web programmer involved is a friend of the person the client
contracted with.
> And client thinks that person is also the ISP.
>
> Does anyone know of any way that a web site with SQL Server DB can be made
> secure from the webmaster that created it?
> A "secure" web site uses HTTPS/SSL encrypt the HTTP messages to and from
the server
> acting at the Presentation level of the socket software to prevent access
> from outside the server, but not that the server DB would be encrypted.
> I presume that data in SQLServer, or whatever DB is used can be encrypted.
> But what happens to the data as it is tranmsitted to and from the DB to
SSL?
>
> Or one could not have a server DB at all and just have encrypted emails
> sent to the client's office system - not efficient, but possible.
>
> But I don't see that there could be any way to completely encrypt that
data
> in a way that the web site programmer or ISP would not have access to it.
> Am I wrong?
>
> I have advised the client to arrange for a third disinterested party to do
the web site.
>
>
- Next message: SQL Guy: "Re: sql agent permission"
- Previous message: Russell Fields: "Re: Unauthorized due to ACL on resource"
- In reply to: Skillman Hunter: "Can web site data be protected from access by the webmasters?"
- Next in thread: Skillman Hunter: "Re: Can web site data be protected from access by the webmasters?"
- Reply: Skillman Hunter: "Re: Can web site data be protected from access by the webmasters?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
