Hi Helen, I’ve got some answers.

On 07.01.2014 at 08:34, Helen Borrie <[email protected]> wrote:
>
>>> I expressed surprise that the software would have received government
>>> certification if it was set up wrongly from a security perspective. Only
>>> your supplier/developer can go through this with you and explain what (if
>>> anything) you need to do.

The government certifies only the forms (the P.I.S. developer is not more than a printery) and the on-line connection with the health agency, not the database safety. However, she gives some good, but sometimes incomplete guidelines.

>
> At 06:53 p.m. 7/01/2014, Marc Hakman wrote:
>
>> Every client has a pw and different rights: the cabinet. In my view, the
>> database file with the unchanged default admin account name and pw is the
>> missing rear wall. Is that correct?
>
> If the SYSDBA password is 'masterkey' then YES, your assessment is correct.
>
>> Still untouched: patient chip card.
>> Where can I find info about the possible risks of patients' chip cards? In
>> your books?
>
> Not in my books. I'm not even sure what you are talking about. I suppose it
> must be some kind of smartcard storing patient data that can be read by a
> dedicated reader device.
>
>> How can I read out, whether they do something / nothing with my database file.
>
> I guess that the authority that issues these cards must have some information
> available about the data format and the device API, so that people like your
> software developer can write applications to read from the card and (if
> supported) write to it.
>
> I have never heard of a smartcard that could log into a database as SYSDBA, I
> must confess! That would be some amazing wee beastie. ()()()()()()()()(^ ^)
>

Glad to read that.

>> I don’t like to trust my developer, because he has interest in selling and
>> therefore in certification; not in the security of my database files (=
>> patients and financial company files).

My assumption is wrong. The certification (as a printery) and safety are completely different issues. The developer has a real interest in safety. Although he admits that the safety is not very high. He explained: within the database, the files are partially written in a binary format and the information is scattered over many tables. It is almost impossible to find their context. So the patient files in the cabinet are shredded. Is that OK, or not?

>
> Really? I thought the primary reason for certification was quality assurance
> of (only as a printery, see above) which data security is a significant part
> and customer support is another. I get the impression that you haven't made
> contact with the software support people about this chip card issue.
>
>
> Helen Borrie, Support Consultant, IBPhoenix (Pacific)
> Author of "The Firebird Book" and "The Firebird Book Second Edition"
> http://www.firebird-books.net
> __________________________________________________________________
>
> ------------------------------------
>
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>
> Visit http://www.firebirdsql.org and click the Resources item
> on the main (top) menu. Try Knowledgebase and FAQ links !
>
> Also search the knowledgebases at http://www.ibphoenix.com
>
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> Yahoo Groups Links

Yahoo Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/firebird-support/
