Re: open source PostgreSQL not supportable? (Was: Challenging SQL Query Problem. Can you solve it?)

From: paul c <toledobythesea_at_oohay.ac>
Date: Sat, 07 Jan 2006 05:46:48 GMT
Message-ID: <cBIvf.35275$tl.3252_at_pd7tw3no>


DA Morgan wrote:
> Justin L. Kennedy wrote:
>
>> In comp.databases.postgresql DA Morgan <damorgan_at_psoug.org> wrote:
>>
>>> The laws are intended to make sure that the audit trail prevents system
>>> administrators and DBAs from making unaudited changes. So root and all
>>> system/DBA passwords plus physical access to the server.
>>
>> Once you have root, you pretty much have everything needed to make any 
>> unaudited changes you want.  How does Oracle solve this problem?  For 
>> example, given root, what is to stop someone from opening up the 
>> tables in a hex editor as they appear on the hard disk?
>
> Hans gave you part of the picture. Another is built-in capabilities such
> as the DBMS_CRYPTO, DBMS_OBFUSCATION_TOOLKITS, and TRANSPARENT DATA
> ENCRYPTION that can make it impossible to use a hex editor on anything.
>
> Also, to make any changes undetectably would require bringing down the
> instance and database ... something impossible to do without leaving a
> record of the intrusion.
>
> There are many other ways as well. But these are enough to make the point.

Buffer overflow exploits and so forth make me wonder if any legislator really knows what they're talking about, at least when it comes to computers. (Of course they may be competent in some other field, but if that's so, why did they go into politics?)

Although I'm not up to it, I suspect that undetected tampering with the data of any of the major db products is quite feasible. If that's so, then I'm guessing that the proponents of proprietary software as far as the topic is concerned are relying on the size of the vendors of those dbms/s (e.g. their financial substantialness) for legal recourse by a customer who's been taken to task by the Feds, which is a remedy that seems apart from the intent of Oxley etc. laws.

p

Received on Sat Jan 07 2006 - 06:46:48 CET