"Donovan J. Edye" <donovan_at_namsys.com.au> wrote in message
news:3b8ed28e.89278505_at_can-news.tpg.com.au...
> So I take your point that it appears as if I am being totally
> paranoid, but I believe I have a valid foundation for this.
> Furthermore are you saying that as an account holder at a bank I
> should be totally comfortable that a DBA somewhere can pull up my
> account history with impunity? After all there is no need to encrypt
> the data because we trust that DBA. ;-)
Thanks for the clarification. I can now see better where you are coming from
(though I still disagree <g>). Yes I am saying that I am comfortable with
the idea that my banks dbas could if they wished pull up my account history
with impunity. I certainly would trust them more than the 18 year old girl
on minimum wage in the front office who can do exactly the same thing
without arousing suspicion. Security always comes down in the end to people.
To take an example from my other role here IIS Web servers should have been
secure against the code red worm over a month before it hit. Why weren't
they. Failures of people. Technology can be more or less secure (and I'm not
holding up IIS as amodel of excellent) but technology doesn't in the end
make things secure, people and processes do.
--
Niall Litchfield
Oracle DBA
Audit Commission UK
Received on Fri Aug 31 2001 - 03:52:27 CDT
