Re: Can web site data be protected from access by the webmasters?
From: Morris Lewis (Morris@Holistech.com)
Date: 06/30/02
- In reply to: Skillman Hunter: "Can web site data be protected from access by the webmasters?"
From: "Morris Lewis" <Morris@Holistech.com> Date: Sun, 30 Jun 2002 01:25:37 -0500
First thought: create a development database with junk data. The web
developer only needs to make sure the site produces correct output and
stores data correctly. Once the project's done, change the passwords and
load the real data. If the programmer needs to make changes later on, make
the changes to a staging server that uses the junk data. Then have a
disinterested third party make any changes to the production servers.

Second thought: write a contract with sufficient penalties if the programmer
divulges the information.

Here's a rule of thumb for cases like this: never hire anyone you can't
trust.

Morris Lewis
MCDBA, MCSD, MCSE, MCT, CTT+
President, Holistech Inc

"Skillman Hunter" <ski@acrobyte.com> wrote in message
news:#f4Cxe0HCHA.1748@tkmsftngp13...
> One of my clients was interested in a web site and has contracted with
> someone to do it.
> The site basically is for magazine subscriptions.
> I have advised the client to be wary of security.
> The person doing the site for the client is in the same industry as the
> client's.
> And that person is asking for the client's customer database.
> "But I don't want to give out that information, it is worth its weight in
> gold."
> I replied "Whoever has control over the web site has access to all the
> information.
> As time goes by, even without the current database, in a few years
> as renewals accrue all the subscribers will be in the web database."
> Client said "But it is going to be a SECURE web site."
> I said, "Yes, secure to anyone that does NOT have access to the web pages
> and DB."
> The web programmer involved is a friend of the person the client
> contracted with.
> And client thinks that person is also the ISP.
>
> Does anyone know of any way that a web site with SQL Server DB can be made
> secure from the webmaster that created it?
> A "secure" web site uses HTTPS/SSL to encrypt the HTTP messages to and from
> the server
> acting at the Presentation level of the socket software to prevent access
> from outside the server, but not that the server DB would be encrypted.
> I presume that data in SQLServer, or whatever DB is used can be encrypted.
> But what happens to the data as it is transmitted to and from the DB to
> SSL?
>
> Or one could not have a server DB at all and just have encrypted emails
> sent to the client's office system - not efficient, but possible.
>
> But I don't see that there could be any way to completely encrypt that
> data
> in a way that the web site programmer or ISP would not have access to it.
> Am I wrong?
>
> I have advised the client to arrange for a third disinterested party to do
> the web site.
>
>
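
The junk-data development database suggested in the reply above, as an added example that is not part of the original thread: it fills a development copy with synthetic subscribers and lets the data owner confirm that no real customer value slipped in before the copy is handed to the developer. The `subscribers` schema, its column names and the sample rows are assumptions, and SQLite stands in for SQL Server so the sketch runs offline.

```python
import random
import sqlite3

# Hypothetical schema for the subscription site; column names are assumptions.
SCHEMA = """CREATE TABLE subscribers (
    id INTEGER PRIMARY KEY, name TEXT, email TEXT, street TEXT,
    magazine TEXT, renewal_date TEXT)"""
SENSITIVE = ("name", "email", "street")

# Constructed stand-in for the client's real customer rows.
REAL_ROWS = [
    (1, "Pat Example", "pat@customer.example", "12 Elm St", "Angler Monthly", "2002-09-01"),
    (2, "Lee Sample", "lee@customer.example", "9 Oak Ave", "Quilt World", "2003-01-15"),
]

def make_db(rows):
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    db.executemany("INSERT INTO subscribers VALUES (?,?,?,?,?,?)", rows)
    return db

def junk_rows(count, seed=0):
    """Rows with the production shape but no production values."""
    rng = random.Random(seed)  # seeded so the dev data set is reproducible
    rows = []
    for i in range(1, count + 1):
        date = f"{rng.randint(2002, 2004)}-{rng.randint(1, 12):02d}-{rng.randint(1, 28):02d}"
        rows.append((i, f"Test User {i:04d}", f"user{i:04d}@junk.invalid",
                     f"{rng.randint(1, 999)} Placeholder Rd",
                     f"Magazine {rng.randint(1, 5)}", date))
    return rows

def column_values(db, col):
    # col only ever comes from the SENSITIVE constant, never from user input.
    query = f"SELECT {col} FROM subscribers WHERE {col} IS NOT NULL"
    return {row[0].strip().lower() for row in db.execute(query)}

def leaked_values(prod, dev):
    """Sensitive production values that also appear in the dev database."""
    leaks = set()
    for col in SENSITIVE:
        leaks |= {(col, v) for v in column_values(prod, col) & column_values(dev, col)}
    return leaks

if __name__ == "__main__":
    prod = make_db(REAL_ROWS)
    dev = make_db(junk_rows(200))
    # Run by the party holding the real data, before the dev copy is handed over.
    print("leaks:", leaked_values(prod, dev))
```

The comparison is case- and whitespace-insensitive, so a real address pasted into the development data for testing is still reported.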