Philip Thompson wrote: > I understand what you're saying, but I don't completely agree with > this. What happens when the DBA has a table of names and SSNs on > screen and then gets up from his desk to run to the bathroom? In the > fear that he may ruin is best slacks (err, jeans), he forgets to close > the DB viewer or lock his desktop. Mr. ShouldntBeInHere walks by, sees > the monitor of data and takes a picture with his new iPhone 3G and > keeps walking. Well, now he just grabbed 50 names and SSNs. Uh oh!
1) the DBA should not have read access to sensitive customer data. He only does database admin after all. 2) it should be standard procedure to manually lock the screen, and 3) have an automatic lock after e.g. 5min. 4) if you have a Mr. ShouldntBeInHere in your datacenter, your security has failed elsewhere. Ad 2) - I worked in banking IT some 20 years ago, and not locking your screen when you were away from your desk was a sackable offence. /Per Jessen, Zürich -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
