Oracle FAQ Your Portal to the Oracle Knowledge Grid

Re: build a tamper-proof server?

From: Joel Garry <joel-garry_at_nospam.cox.net>
Date: Fri, 06 Sep 2002 02:57:50 GMT
Message-ID: <slrnang6pi.ho.joel-garry@zr1.vista1.sdca.cox.net>

On Mon, 26 Aug 2002 15:16:00 GMT, Daniel Morgan <dmorgan_at_exesolutions.com> wrote:
>kmv_dev_at_yahoo.com wrote:
>
>> Hi,
>>
>> Can someone suggest ideas on how to build a tamper-proof
>> server? i.e. I want to let my applications (an appserver)
>> to access the db, insert, and do whatever it needs to
>> complete the task. But once the transaction is committed,
>> all events must be logged, time-stamped and digitally
>> signed, and none of the records can be removed/modified
>> (not even by a dba).
>>
>> Any suggestion is welcome.
>>
>> xx
>
>It is impossible to make a tamper-proof system. There is nothing you can
>do to any database system that meets your requirements whether Oracle or
>any other.
>
>But you can easily audit activity and very easily mine the log files to
>identify who has done what and when.

These several posts about mining the log files have got me wondering...

cp the active log file
od out the bad things being done, put in a rollback for those transactions
mv changed log file to original filename - since O has it open, unchanged file is still used
force log switch, archiver propagates changed file.

So the big question is, does the archiver deal with the inode or the filename? (Bad guy wouldn't care about restoreability issues, of course, likely that being messed would help his cause).

jg

-- 
These opinions are my own. 
http://www.garry.to                                       Oracle and unix guy.
mailto:joel-garry_at_nospam.cox.net                       Remove nospam to reply. 
Received on Thu Sep 05 2002 - 21:57:50 CDT
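
The inode-versus-filename question above, as an added example that is not part of the original post: on POSIX systems an open descriptor keeps following the original inode after another file is renamed over its name, and a monitor that holds the file open can detect the swap by comparing device and inode numbers. The file names and contents are constructed, and the code says nothing about how Oracle's archiver opens the file.

```python
import os
import tempfile


def same_file(fd, path):
    """True if the open descriptor and the path still name the same inode."""
    held = os.fstat(fd)
    try:
        named = os.stat(path)
    except FileNotFoundError:
        return False  # the name was unlinked while the descriptor stayed open
    return (held.st_dev, held.st_ino) == (named.st_dev, named.st_ino)


def demo():
    """Rename a copy over an open file and report what each side sees."""
    with tempfile.TemporaryDirectory() as workdir:
        log_path = os.path.join(workdir, "redo01.log")  # constructed name
        with open(log_path, "wb") as f:
            f.write(b"original record\n")

        fd = os.open(log_path, os.O_RDONLY)  # stands in for a long-lived handle
        before = same_file(fd, log_path)

        # A second file is renamed over the original filename.
        copy_path = log_path + ".copy"
        with open(copy_path, "wb") as f:
            f.write(b"altered record\n")
        os.replace(copy_path, log_path)

        after = same_file(fd, log_path)
        via_fd = os.pread(fd, 64, 0)   # the descriptor follows the inode
        with open(log_path, "rb") as f:
            via_name = f.read()        # a fresh open follows the filename
        os.close(fd)
    return before, after, via_fd, via_name


if __name__ == "__main__":
    before, after, via_fd, via_name = demo()
    print("same inode before rename:", before)
    print("same inode after rename: ", after)
    print("read through descriptor: ", via_fd)
    print("read through filename:   ", via_name)
```

A process that reopens the file by name picks up the replacement, so running `same_file` periodically against a descriptor opened at startup gives a cheap tamper-evidence signal for files that should never be replaced in place.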
