Re: [NF] Open Source Rookie + Database Servers

Wed, 06 Sep 2006 00:12:13 -0700 

Now we are getting to the heart of the matter: is it that you have
valuable DATA you wish to protect, Vassilis?



No. This conversation was very helpful for me and I think for other 
developers also, because it showed me a better view of the term *Security*. 
Until now I 've thought that because MySQL is considered a secure server my 
data is well protected. You showed me that this is true under some 
circumstances but sometimes there are holes. My data is not so precious or 
so valuable I just wanted to know where is the achilleus tendon in order to 
design my applications accordingly. I migrate my apps to MySQL and I would 
like to have a better understanding of the whole system. Now I know that if 
I have really valuable data I have to embed into my classes some encryption 
/ decryption code.


It is better to know where is your achilleus tendon than to ignore it!

Thank you All!
Vassilis





----- Original Message ----- 
From: "Ted Roche" <[EMAIL PROTECTED]>

To: <profox@leafe.com>
Sent: Tuesday, September 05, 2006 8:24 PM
Subject: Re: [NF] Open Source Rookie + Database Servers



On 9/5/06, Vassilis Aggelakos <[EMAIL PROTECTED]> wrote:



My *valuable* database is an open book if a user of mine (just because he 
is
the pc owner and has admin rights)  modifies the source code of the 
server.

My ExtraLongAndDifficult password is useless.



Now we are getting to the heart of the matter: is it that you have
valuable DATA you wish to protect, Vassilis?

If this is the case, it's not the open- or closed-sourcedness of the
database engine that's your problem. The issue is that you have a
database running outside of your control. As an admin of anything
installed on my machines, I can change the administrative passwords
and read all data in a database.

Unless the data itself is encrypted.

Is this your situation?

--
Ted Roche
Ted Roche & Associates, LLC
http://www.tedroche.com



[excessive quoting removed by server]

_______________________________________________
Post Messages to: ProFox@leafe.com
Subscription Maintenance: http://leafe.com/mailman/listinfo/profox
OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech
** All postings, unless explicitly stated otherwise, are the opinions of the 
author, and do not constitute legal or medical advice. This statement is added 
to the messages for those lawyers who are too stupid to see the obvious.






















					Reply via email to