the guy with server room key is god of god of god :P
Em seg, 25 de mar de 2019 às 22:30, Felipe Gasper <[email protected]> escreveu: > > > > On Mar 25, 2019, at 9:09 PM, Peter McLarty <[email protected]> > wrote: > > > > The governance committee would have a fit about that security. That > would set up the possibility of the DBA logging in as an application > service user or some other user and edit data implicitly implying that the > service account or the user has been hacked as the edits came from that > user in the audit logs. > > The audit logs … that the admin can falsify anyway? An application service > that likely has its credentials stored on the same server over which the > admin has total access? User credentials that very likely are stored in > ~/.my.cnf? > > > Yes by nature the DBA is god and this is true in all databases. SOX > based users in the US will talk about all the problems they have been dealt > with by auditors when addressing compliance. > > What I’m getting at is not that “DBA is god” so much as that “sysadmin is > god of gods”. The idea of “DBA” just means someone who can do anything at > all within the DB. > > But a local administrator, who can SIGKILL the DB (as opposed to asking > the DB to shut itself down), who can edit the actual DB files manually, who > can swap out anything for anything else, is another level of privilege. > *That* user should have no need for credentials: they are who they say they > are by the nature of what a sysadmin is. > > -FG > _______________________________________________ > Mailing list: https://launchpad.net/~maria-discuss > Post to : [email protected] > Unsubscribe : https://launchpad.net/~maria-discuss > More help : https://help.launchpad.net/ListHelp > -- Roberto Spadim SPAEmpresarial - Software ERP Eng. Automação e Controle
_______________________________________________ Mailing list: https://launchpad.net/~maria-discuss Post to : [email protected] Unsubscribe : https://launchpad.net/~maria-discuss More help : https://help.launchpad.net/ListHelp
