On Sun, 2003-01-26 at 14:01, Cecil O. Lynch, MD wrote:
> Tim C wrote,
> 
> 
> >These days, I thought that Universities needed to be sponsored to
> >look into anything (including their own navels) - intellectual curiosity
> >or advancement of knowledge aren't enough any more.
> 
> I can tell you that I for one (and several of my colleagues at the UC's)
> are there because we ARE interested in learning, primarily for the sake
> of learning. Hopefully, in the midst of our learning (and teaching) we
> will contribute to something worthwhile, not just the patent office of
> the University of California. It is somewhat difficult to get your work
> out to open source (you have to send the code out and tell the lawyers,
> oops, I made a mistake). We do have to produce something for the
> University, but hopefully the 48% they pad in our grants for work space
> and secretarial support will be enough for them.

Yes, I know, I was being mischievously cynical about the philosophy of
economic rationalism which holds sway in most halls of learning these
days.

> 
> By the way, I love the Gene Hackman analogy, but how do you ever get two
> doctors to agree to turn the key?

You need Gene Hackman to hold a gun to one of their heads? No, to their
secretary's head. Denzel Washington and Sean Connery are also needed
(hmm, I think I'm mixing up my nuclear sub movies there...).

Tim C

> 
> 
> -----Original Message-----
> From: Tim Churches [mailto:[EMAIL PROTECTED]] 
> Sent: Monday, January 27, 2003 10:08 AM
> To: Cecil O. Lynch MD
> Cc: [EMAIL PROTECTED]
> Subject: RE: MS SQL Server security Jan 25 03
> 
> 
> On Sun, 2003-01-26 at 03:37, Cecil O. Lynch, MD wrote:
> > No, I am not saying that MSSQL Server provides row level security. I am
> > saying that ANSI SQL allows one to write the scripts to enforce row
> > level security.
> >
> > Take a look at
> > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/modcore/html/deconrowlevelsecuritysupportinissuetrackingsolution.asp
> 
> OK, thanks. This is implemented at the application level, or at least at
> a level above the base DBMS storage - in other words, it is a
> discretionary access control method - meaning it can be turned off or
> bypassed by the sysadmin or someone pretending to be the sysadmin.
> 
> What I had in mind was mandatory access control, and I think Oracle is
> the only mainstream vendor which provides this, sort of, with a very
> expensive add-on (more expensive than base Oracle - so that's
> expensive). Mandatory access control means that it can't be bypassed,
> even by the system administrator. This is a strange concept to many
> people, but it is highly desirable for protecting very large
> aggregations of identified personal health information, as might be
> amassed in a community-wide EHR. There are alternatives, such as
> dual-control of (database or operating system) accounts which have
> superuser privileges: two people are required to supply two separate
> passwords (and/or authentication tokens) before the superuser can log on
> to the system - similar to the Hollywood idea of nuclear missile control
> systems in which two people, one of whom is Gene Hackman, have to turn
> the keys simultaneously on control panels a few meters apart (too far
> for one person to reach). Again, there is a real opportunity here for
> open source systems to steal a march on commercial systems.
> 
> > As far as "sponsored" comp scientists to roll out a Postgres version, 
> > sounds like a project for faculty and students "sponsored" by the 
> > University.
> 
> Tim C
> 
> 
> 
> 
> 
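
The dual-control idea described in the quoted message above (two people supplying two separate passwords before the superuser can log on), sketched as an added example that is not part of the original thread or of any product it mentions. The function names, the label, the PBKDF2 work factor and the passphrases are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # illustrative work factor (assumption); tune for real hardware
LABEL = b"superuser-dual-control-v1"  # hypothetical domain-separation label


def _stretch(password: str, salt: bytes) -> bytes:
    """Slow, salted derivation of one custodian's half of the key."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def _verifier(pw_a: str, pw_b: str, salt_a: bytes, salt_b: bytes) -> bytes:
    """XOR both halves into one key, then store only an HMAC made with it."""
    half_a, half_b = _stretch(pw_a, salt_a), _stretch(pw_b, salt_b)
    key = bytes(x ^ y for x, y in zip(half_a, half_b))
    return hmac.new(key, LABEL, hashlib.sha256).digest()


def enroll(pw_a: str, pw_b: str) -> dict:
    """Create the stored record: two salts and one joint verifier."""
    salt_a, salt_b = os.urandom(16), os.urandom(16)
    return {"salt_a": salt_a, "salt_b": salt_b,
            "verifier": _verifier(pw_a, pw_b, salt_a, salt_b)}


def superuser_login(record: dict, pw_a: str, pw_b: str) -> bool:
    """Succeeds only when both custodians supply their own password."""
    candidate = _verifier(pw_a, pw_b, record["salt_a"], record["salt_b"])
    return hmac.compare_digest(candidate, record["verifier"])


if __name__ == "__main__":
    # Constructed sample passphrases, one per custodian.
    rec = enroll("custodian-A-passphrase", "custodian-B-passphrase")
    print(superuser_login(rec, "custodian-A-passphrase", "custodian-B-passphrase"))
    print(superuser_login(rec, "custodian-A-passphrase", "guess"))
```

Because the record holds a single joint verifier, a failed login does not reveal which custodian's password was wrong, and there is no per-person hash for one custodian to test the other's password against.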

