Yep. In the cases of more recent products (beyond MDW 1-2.x) read only 
passwords exist to support add-on products that query the clinical database. 
Often the read only passwords are commonly known or not hard to obtain.

Even though there is more awareness of data security in practices than ever 
before, physical security seems to be often forgotten.

The most common response I get when I raise the issue of physical security (eg 
server in a room that is used by visitors ranging from specialists to drug 
reps) is "but they'll never guess our password".

I've had occasions where I've had a legitimate need to reset a Windows server 
administrator password or Linux root password and had the equipment owners in 
disbelief at how quickly it was done.

It's usually best to think along the lines that physical access = system access.

Neil



----- Original Message -----
From: Horst Herb <[EMAIL PROTECTED]>
To: General Practice Computing Group Talk <[email protected]>
Sent: Friday, November 24, 2006 11:29:30 AM GMT+1000 Australia/Sydney
Subject: Re: [GPCG_TALK] Data Ownership - without prejudice -Intrahealth

On Friday 24 November 2006 06:47, Elizabeth Dodd wrote:
> > Who is prepared to use a clinical database that is not encrypted ?
>
> absolutely yes. but i know that, and therefore protect the data.

Same here
What's the point of database encryption if it is so simple in most instances 
to figure out the password to access the database? (In the case of MDW 1-2.x, 
in fact a matter of pen, pencil, an ASCII table and two minutes)

The server needs to be physically secured. An external RAID cage is very easy 
to bolt down and lock away. Encryption of the database achieves only two 
things:
a) it makes third party access (eg for import/export purposes) needlessly 
difficult
b) it slows the system down and makes full text search very difficult and 
resource intensive

BACKUPS are what needs to be encrypted. OTOH, I figured out that a Linksys 
NSLU + a 2.5" hdd remain cool enough to put them into a fireproof safe - 
ideal backup device for on-site backups

Horst
_______________________________________________
Gpcg_talk mailing list
[email protected]
http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk