Hi Helen, if I understand you well, I have a steel armor archive cabinet on wheels without a rear wall. Approved by all security agencies (NSA etc.) and several other criminal organizations. And I didn't even know. ;)
I have contacted them, the supplier / developer (not vendor) and the certification body. Waiting for their reactions. Is it possible to send you a personal mail? Uncleared is my problem with the chip card.

Marc.

PS: read also the mail of [email protected]

On 05.01.2014 at 11:16, Helen Borrie <[email protected]> wrote:

> At 05:25 p.m. 5/01/2014, Marc Hakman wrote:
> >Hi,
> >
> >I am running a professional commercial practice information system, based on
> >Firebird in Germany. The system is certified by the German health agencies.
> >
> >
> >Problem?
> >The Firebird account name and password are NOT changed.
>
> Ouch!!
>
> >The government is rolling out a patient chip card with the possibility to
> >exchange the basic patients data with their social security health assurance
> >agency by WAN. Is there a possibility for them to get access to (other)
> >patient files (so the complete database) through a backdoor, e.g. via the
> >admin account?
>
> The whole world knows 'masterkey' as the installation password for SYSDBA.
> Its *only* purpose is to provide access to the SYSDBA to set his own password
> at installation time.
>
> >Is there another way?
>
> If the SYSDBA password is 'masterkey' (or anything starting with 'masterke')
> then change it NOW, to something very obscure. (You have 8 characters, not 9).
>
> >Is it a security risk not changing the account name and pw?
>
> See above. But do you know about users and SQL permissions?
>
> >I am not paranoid, just concerned about my business and even more the
> >medical confidentiality.
>
> If you are saying that you deploy this software with only one user - SYSDBA -
> then you have a serious problem. (SYSDBA should be used only for
> administering databases). If it is deployed with SYSDBA + 'masterkey' then
> you have a VERY serious problem, that should not have been passed by the
> certification authority.
>
> Helen Borrie, Support Consultant, IBPhoenix (Pacific)
> Author of "The Firebird Book" and "The Firebird Book Second Edition"
> http://www.firebird-books.net
> __________________________________________________________
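
The two steps the quoted reply points to, changing the SYSDBA password and working through ordinary users with SQL permissions, as an added example that is not part of the original thread. It assumes Firebird 2.5 or later (SQL user management) and a session connected as SYSDBA; the user, role and table names and the password placeholders are hypothetical.

```sql
-- Added example. PRACTICE_APP, PRACTICE_STAFF, PATIENT, APPOINTMENT and the
-- '<...>' passwords are placeholders, not names or values from the thread.

-- 1. Replace the installation password for SYSDBA. Per the reply above only
--    8 characters are available, so all of the strength has to be in those 8.
ALTER USER SYSDBA PASSWORD '<8chars>';

-- 2. Create an ordinary account for the application to log in with, so that
--    SYSDBA is used only for administering databases.
CREATE USER PRACTICE_APP PASSWORD '<8chars>';

-- 3. Put only the rights the application needs on a role and give the
--    application account that role. The client names the role when it connects.
CREATE ROLE PRACTICE_STAFF;
GRANT SELECT, INSERT, UPDATE ON PATIENT TO PRACTICE_STAFF;
GRANT SELECT ON APPOINTMENT TO PRACTICE_STAFF;
GRANT PRACTICE_STAFF TO PRACTICE_APP;
COMMIT;

-- 4. Check: list rights on application tables that were granted to everyone
--    (PUBLIC). Any row returned here bypasses the role set up in step 3.
SELECT RDB$RELATION_NAME, RDB$PRIVILEGE, RDB$GRANTOR
FROM RDB$USER_PRIVILEGES
WHERE RDB$USER = 'PUBLIC'
  AND RDB$RELATION_NAME NOT STARTING WITH 'RDB$'
  AND RDB$RELATION_NAME NOT STARTING WITH 'MON$';

-- 5. Check: list every grant held by the application account and its role,
--    to confirm it matches what step 3 intended and nothing more.
SELECT RDB$USER, RDB$RELATION_NAME, RDB$PRIVILEGE
FROM RDB$USER_PRIVILEGES
WHERE RDB$USER IN ('PRACTICE_APP', 'PRACTICE_STAFF')
ORDER BY RDB$USER, RDB$RELATION_NAME;
```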
