On 3/7/2016 9:43 AM, Stephen Russell wrote:
When they open the employee table and can read a SSN is when it gets shaky.
Or open the customer table and make a copy for themselves as they walk off
to a new job.
Or use their smart phone to take a picture of the screen full of
sensitive personal data, or company proprietary information. ROFLTIPMP
I used to worry about this a little. But then I saw just how easily any
employee that has rights to use an application can compromise data of
that application. And it has nothing to do with the underlying
technology. Generally speaking, a directed employee attack will succeed
to varying degrees of success. "Outside" attacks are the real danger,
but are also the most easily blocked (unless of course you're developing
browser-based applications.... hahahaha)
Now, of course if you're talking about "direct access" to a database
from "anywhere" then, yeah, that's a worry. But then, even all DB
servers have security problems (aka SQL Injection etc).
I've found a VFP database on a network share, with managed user access
rights, has been quite secure. Sure, if some user is granted rights that
they shouldn't have, problems are possible. But then that's a failure of
network security processes.
Some things like segregating data inside an application are definitely
easier out of the box for DB servers, but I accomplished the same thing
in VFP apps by using subfolders <shrug>.
But hey, go ahead and think you're secure just because you're using SQL
Server or Oracle... or PostgreSQL... Nowadays technology folks aren't so
much about truth as they are about money and lying enough to themselves
to sleep at night.
-Charlie