| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.misc -> Re: Tough question for oracle DBAs/Solaris Admins. Log shipping.
Vladimir M. Zakharychev wrote:
> Well, that's exactly the problem I tried to highlight - if you have
> single source for the audit trail, and this source is read-write, there
> is no way to tell if it was modified after the fact, encrypted or not.
I don't agree. From the standpoint of government agencies and espionage it clearly doesn't meet the test. Even a half-wit in the CIA could follow your line of reasoning and defeat the system.
But here we are talking about meeting the test of the SEC, FTC, and EC and it is sufficient. (Perhaps they don't employ enough half-wits).
> That's exactly the issue with voting machines in use in several states:
> they generate no paper trail, so their own internal log is not
> verifiable and can't be trusted - someone with enough privileges could
> forge the voting results, alter the log and get away with it because
> there's no second read-only source to verify against.
Not my impression. My understanding is more that the person voting has no audit trail that their vote was recorded correctly. Essentially we distrust the companies that wrote the software and refuse to open it up to inspection. And I would too. Because any software used to count votes that can't be phrased in a couple of IF/ELSIF/ENDIF statements is suspect by definition.
>> Keep in mind the issue is a good faith effort to comply with the law. >> Not can I defeat the world's number one Oracle security expert.
I was referring to Mr. Finnegan who is both. And from what I have read of your postings here at c.d.o.s. I think you've no reason to be so humble.
-- Puget Sound Oracle Users GroupReceived on Sun Sep 03 2006 - 21:28:16 CDT
 |
 |