Re: [Q] Security Paranoia....

All,

Thanks for the help. Just to comment on the common "You have to trust the DBA" thread. Being a sys admin myself I am well aware that you have to trust somebody. However the reality of my situation is this:

• We have an ongoing agreement to provide data and access to that data to our client
• The box that we will be hosting the data on is not ours, but the client's
• The client in turn has employed another company to use our data access mechanisms for a web site
• Now the client may decide to save a few bucks here (unethically of course) and decide to still take data from us, but not require us to provide the data access layer as they could just open up the tables to the web developers
• Now this would be in breach of contract of course, but we would never know. The updated data would still be getting there, but the client would no longer require us to provide access to it. Naturally that hurts us financially.
• Hence my requirement to prevent that happening. And the only way to do that is to not allow the client DBA to "open up" the database.

So I take your point that it appears as if I am being totally paranoid, but I believe I have a valid foundation for this. Furthermore are you saying that as an account holder at a bank I should be totally comfortable that a DBA somewhere can pull up my account history with impunity? After all there is no need to encrypt the data because we trust that DBA. ;-)

On Wed, 29 Aug 2001 06:24:15 GMT, donovan_at_namsys.com.au (Donovan J. Edye) wrote:

>G'Day,
>
>I am the database owner of a database called MyDB but not the database
>adminisitrator for the oracle server. The information that is
>contained in MyDB is sensitive needs to be secured from prying eyes.
>The only access to the database would be via a set of stored
>procedures.
>
>So is it possible to:
>
>- Encrypt the data in the database
>- Still write SQL such as SELECT * FROM MyTable WHERE AField = 'blah'
>within the stored procedures
>- Encrypt the stored procedures
>
>In short I don't want the dba or any other super user to be able to
>interact or see the data in the db in any way (tables, stored procs
>etc) and only want external users to access the data from a stored
>procedure interface. Users would be granted access to the stored
>procedure interface via a specified user name and password. The only
>things they would be able to see would be the stored procedures and
>execute them, but not the content of the stored procedures. If this is
>achievable then are there any other additional considerations should
>this database participate in replication?
>
>TIA
>
>-- Donovan
>donovan_at_namsys.com.au
Received on Thu Aug 30 2001 - 19:07:09 CDT