|
|
Posted by Ed Prochak on 10/12/26 11:34
Martin wrote:
> > Why else are you posting in a SQL Server group?
>
> To learn about the general topic of database security rather than one
> specific hypothetical example I concocted that is admittedly too narrow.
>
> In general terms, the link I found reveals part of the problem a little.
> The issue will be an important one to consider with computing in the palm of
> your hand. These days databases might find themselves being carried around
> on laptop or palm machines. In the not-too-distant future, terabyte-class
> portable storage might not be too far fetched an idea. Databases are sure
> to go mobile. With this will come serious security issues as the files
> themselves could fall into the wrong hands very easily.
>
> Yet another hypothetical scenario is a travelling salesman having a database
> of clients, notes and general business intelligence on a notebook computer.
> It is more than likely that, today, stealing that data would just take a
> very quick copy of the database file/s. I'd venture to say that most db's
> are not designed to have strong security at the file level. I understand
> why (cpu and system load in managing constant encrypt/decrypt processing)
> but it is disturbing nevertheless.
>
> -Martin
If you want a broader view, you might want comp.databases.theory. I'm
posting from comp.databases BTW.
It comes down to where you build the wall. Preventing access to the
machine would be the first and best line of defense. Protecting the
data within the DB (encrypted fields) is the last line of defense. Some
situations require multiple levels of defense.
Bottom line is that there is no simple solution. If a hacker has access
to the data files, you've already lost some major security battles.
Navigation:
[Reply to this message]
|