Re: Protecting database from administrators
From: Neil Pike (neilpike_at_compuserve.com)
Date: 04/27/04
- Next message: Neil Pike: "Re: anyone knows what happen?"
- Previous message: aaaa: "RE: Unsolicited Pop-Up advertisements on INTERNET EXPLORER"
- In reply to: J André Labuschagné: "Re: Protecting database from administrators"
- Next in thread: J André Labuschagné: "Re: Protecting database from administrators"
- Reply: J André Labuschagné: "Re: Protecting database from administrators"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 27 Apr 2004 09:14:13 GMT
Andre,
> There are many DBMS that run on both MS and Linux servers and provide the
> security we require. Just do a bit of research of your own. This is not
> the forum to throw around the names of competitor products.
<panto mode on>
Oh yes it is
<panto mode off>
Throw around.
> We are aware of some companies that have attempted to use MSSQL in mission
> critical situations. We are also aware of many that have dumped MSSQL
> precisely because of its weak security.
Why do you seem to perceive such a link between mission critical and security?
Whilst there is obviously often a bit of a relationship, there often isn't.
An internal personnel system is not mission critical, but the data is highly
sensitive and the data/system requires a high level of security. Alternately a
stock-control system could well be mission critical, but the data would not be
deemed to need a high level of security in most organisations.
Forgetting SQL Server for a moment, I think you'd agree that the core
financial systems of banks are mission critical and require security? How come
I've never seen a banking dbms that implements full file-level
encryption/security then? These are typically DB/2 systems on IBM mainframes.
But the data is "in-clear" on the disks. However, no-one is getting anywhere
near that data as it's stored in a datacentre, producted by security guards,
cameras, motion sensors, hand-print entry, one-person-at-a-time airlocks etc.
etc. Access at all levels to the o/s and dbms is logged and auditted.
If that bank instead uses SQL Server for it's core systems, and there are some
that use SQL Server for at least some of their core systems these days, and
they have the above levels of physical security, why would they need file level
encryption?
> Do not get me wrong. There is a
> place for an open system such as MSSQL. It is not everyone who wants the
> security that we require. Briefly, our requirements, inter alia, are:
>
> 1. Zero or near zero administration
> 2. One physical file for the database
> 3. Simple recovery procedures
> 4. Physical file protection while at rest and in transit
> 5. Acceptable performance
> 6. Scaleability
> 7. Small footprint
> While MSSQL meets some of these requirements it fails on others. If these
> are not your requirements then use the product. One user with 50,000
> connections to a DB provided by a competing vendor when approached said that
> the security we require was provided for and there typically was no need for
> a DBA except perhaps as a liason between the developers of the app and his
> company. On account of the stability and resilience of the DB the
> traditional DBA role is covered in other ways. They have been said DB for
> around ten years. Of course you are not going to believe this. Just go and
> do a bit of research. There are many alternatives out there. We have found
> other possibilities. You can too. This is not to say that MSSQL does not
> suit some folk. Just be honest about what it can and cannot do. That way
> you will not get your fingers burnt and everyone will be happy. When and if
> MSSQL security is improved we may visit it again if it proves to be the best
> option for our clients. At the moment it is not.
I would very interested in what sort of product you are offering to what sort
of clients.
Neil Pike MVP/MCSE. Protech Computing Ltd
Reply here - no email
SQL FAQ (484 entries) see
http://forumsb.compuserve.com/gvforums/UK/default.asp?SRV=MSDevApps
(faqxxx.zip in lib 7)
or www.ntfaq.com/Articles/Index.cfm?DepartmentID=800
or www.sqlserverfaq.com
or www.mssqlserver.com/faq
- Next message: Neil Pike: "Re: anyone knows what happen?"
- Previous message: aaaa: "RE: Unsolicited Pop-Up advertisements on INTERNET EXPLORER"
- In reply to: J André Labuschagné: "Re: Protecting database from administrators"
- Next in thread: J André Labuschagné: "Re: Protecting database from administrators"
- Reply: J André Labuschagné: "Re: Protecting database from administrators"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
