Thanks for your input, Jody. Regards, Ronnie
> On 24 Apr 2019, at 9:29 PM, [email protected] wrote: > > From: Jody Bevan <[email protected] <mailto:[email protected]>> > To: 4D iNug Technical <[email protected] <mailto:[email protected]>> > Subject: Re: 4D Security White Paper > Message-ID: <[email protected] > <mailto:[email protected]>> > Content-Type: text/plain; charset=utf-8 > > As with all security anything can be hacked given time, money, and desire. > > First of all, social hacking is the most likely cause of leaked data. So > moving on, to other types. > > If someone really wants your data they might steal your server computer. In > days gone by if you didn’t know the Administration password - not a problem > take the drives out and hook up into a different system. If though, you have > used a RAID system, with hardware encryption of the data that does not work. > Everything is encrypted on the hard drives. You are not going to get any data. > > So, here again social hacking is needed to get the Administrator’s password. > No amount of work on our end as developers is going to stop social hacking. > > 4D has long had encryption of data between the server and the 4D Client. That > is in case someone is going to sniff the wireless or wired network. > > If you have opened up a 4D data file that is not encrypted, I challenge you > to actually piece together the information. I have tried when I opened up a > typical smaller data file of a smaller client - 30GB of data. Yes, I can see > information, but a record is not all together. Therefore trying to pull data > together for a single record, or a person is not going to be something one > can do. > > This is all very easy for each of you to look at. Open a data file up. If it > is too big, you can build a text viewer that will read things in a character > or ‘x’ characters at a time. See for yourself how hard it is to read the > data, pull together information. > > I have worked through lots of different government security regulations. > First they jump on what ever is the latest in the trade magazines. Second the > elephant in the room is ignored (social hacking). They make up all these > rules, and then when they have inspections on site they totally ignore the > security rules that they should be checking. > > Jody ********************************************************************** 4D Internet Users Group (4D iNUG) Archive: http://lists.4d.com/archives.html Options: https://lists.4d.com/mailman/options/4d_tech Unsub: mailto:[email protected] **********************************************************************
