Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.misc -> Re: open source PostgreSQL not supportable? (Was: Challenging SQL Query Problem. Can you solve it?)
paul c <toledobythesea_at_oohay.ac> wrote:
> DA Morgan wrote:
>> Justin L. Kennedy wrote:
>>
>>> In comp.databases.postgresql DA Morgan <damorgan_at_psoug.org> wrote:
>>>
>>>> The laws are intended to make sure that the audit trail prevents system
>>>> administrators and DBAs from making unaudited changes. So root and all
>>>> system/DBA passwords plus physical access to the server.
>>>
>>>
>>>
>>> Once you have root, you pretty much have everything needed to make any
>>> unaudited changes you want. How does Oracle solve this problem? For
>>> example, given root, what is to stop someone from opening up the
>>> tables in a hex editor as they appear on the hard disk?
>>
>>
>> Hans gave you part of the picture. Another is built-in capabilities such
>> as the DBMS_CRYPTO, DBMS_OBFUSCATION_TOOLKITS, and TRANSPARENT DATA
>> ENCRYPTION that can make it impossible to use a hex editor on anything.
>>
>> Also, to make any changes undetectably would require bringing down the
>> instance and database ... something impossible to do without leaving a
>> record of the intrusion.
>>
>> There are many other ways as well. But these are enough to make the point.
>
>
> Buffer overlow exploits and so forth make me wonder if any legislator
> really knows what they're talking about, at least when it comes to
> computers. (of course they may be competent in some other field but if
> that's so, why did they go into politics?)
>
> although i'm not up to it, i suspect that undetected tampering with the
> data of any of the major db products is quite feasible.
Add backdoors and things get even more interesting. One commercial database (ISTR it was Interbase) shipped with a backdoor for years that only got discovered (and removed) when the code finally went Open Source.
Regards,
Alex.
-- "Opportunity is missed by most people because it is dressed in overalls and looks like work." -- Thomas A. EdisonReceived on Sat Jan 07 2006 - 03:56:24 CST