On Sun, 2003-01-26 at 14:01, Cecil O. Lynch, MD wrote: > Tim C wrote, > > > >These days, I thought that that Universities needed to be sponsored to > look into anything (including their own navels) -intellectual curiosity > or advancement of knowledge aren't enough any more. > > I can tell you that I for one(and several of my colleagues at the UC's) > are there because we ARE interested in learning, primarily for the sake > of learning. Hopefully, in the midst of our learning (and teaching) we > will contribute to something worthwhile, not just the patent office of > the University of California. It is somewhat difficult to get your work > out to open source (you have to send the code out and tell the lawyers, > oops, I made a mistake). We do have to produce something for the > University, but hopefully the 48% they pad in our grants for work space > and secretarial support will be enough for them.
Yes, I know, I was being mischievously cynical about the philosophy of economic rationalism which holds sway in most halls of learning these days. > > By the way, I love the Gene Hackman analogy, but how do you ever get two > doctors to agree to turn the key? You need Gene Hackman to hold a gun to one of their heads? No, to their secretary's head. Denzel Washington and Sean Connery are also needed (hmm, I think I'm mixing up my nuclear sub movies there...). Tim C > > > -----Original Message----- > From: Tim Churches [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 27, 2003 10:08 AM > To: Cecil O. Lynch MD > Cc: [EMAIL PROTECTED] > Subject: RE: MS SQL Server security Jan 25 03 > > > On Sun, 2003-01-26 at 03:37, Cecil O. Lynch, MD wrote: > > No, I am not saying that MSSQL Sever provides row level security. I am > > > saying that ANSI SQL allows one to write the scripts to enforce row > > level security. > > > > Take a look at > > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/modco > > re > > /html/deconrowlevelsecuritysupportinissuetrackingsolution.asp > > OK, thanks. This is implemented at the application level, or at least at > a level above the base DBMS storage - in other words, it is a > discretionary access control method - meaning it can be turned off or > bypassed by the sysadmin or someone pretending to be the sysadmin. > > What I had in mind was mandatory access control, and I think Oracle is > the only mainstream vendor which provides this, sort of, with a very > expensive add-on (more expensive that base Oracle - so that's > expensive). Mandatory access control means that it can't be bypassed, > even by the system administrator. This is a strange concept to many > people, but it is highly desirable for protecting very large > aggregations of identified personal health information, as might be > amassed in a community-wide EHR. There are alternatives, such as > dual-control of (database or operating system) accounts which have > superuser privileges: two people are required to supply two separate > passwords (and/or authentication tokens) before the superuser can log on > to the system - similar to the Hollywood idea of nuclear missile control > systems in which two people, one of whom is Gene Hackman, have to turn > the keys simultaneously on control panels a few meters apart (too far > for one person to reach). Again, there is a real opportunity here for > open source systems to steal a march on commercial systems. > > > As far as "sponsored" comp scientists to roll out a Postgres version, > > sounds like a project for faculty and students "sponsored" by the > > University. > > Tim C > > > > > --- > Incoming mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.438 / Virus Database: 246 - Release Date: 1/7/2003 > > > --- > Outgoing mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.438 / Virus Database: 246 - Release Date: 1/7/2003 > >
