
Re: Data Encryption

From: "Nick" <nick7535(at)hotmail(dot)com>
To: <pgsql-novice(at)postgresql(dot)org>
Subject: Re: Data Encryption
Date: 2007-03-29 18:03:07
Message-ID: BAY131-DAV1456D31C055F17E0FC5CF3C46C0@phx.gbl
Lists: pgsql-novice
>> > I am new to postgres and am puzzled how to solve the untrusted admin
>> > problem.
>> >
> Please do not take affront if I am reading way too much into your
> question, but if the following scenario is true:
> 1)  It is a web application with the server colocated in the US
> 2)  You are the developer AND admin and are not in the US
>
> If so, you obviously trust yourself -- the problem is that customers or
> prospective customers will possibly (likely) be hesitant to use your
> service, particularly when SSN's, names and employee addresses are 
> involved.

The original question was on-topic (basic technical question re postgresql) 
but the answer wasn't.

I'm sorry to continue off-topic and will endeavour never to do it again 
but...

The original question is a serious one that few companies seem to take 
seriously. I've had a number of freelance jobs as an Oracle DBA over the 
years and it has shocked me how careless big companies can be with their own 
and their clients' data, some of it supposed to be confidential.

As a DBA I've been able to access all sorts of sensitive data if I'd chosen 
to. I was trusted and have never betrayed that trust. But consider my and 
countless others' positions:

- I might be there for a few months with no commitment as such to the 
company;
- People trust me because I'm a nice guy and hey, DBAs are trustworthy, 
aren't they?
- I tend to work for the same type of companies because having oil company 1 
on my CV is attractive to oil company 2;
- I have access to data that might be worth a lot of money to oil company 2.
- And as a DBA I sometimes have to work out of hours when there's no one to 
watch me (not that anyone ever does anyway).

Should I be trusted by these big companies who should be protecting the 
interests of their shareholders?
No way.
But I always have been. And so have others I've known who I wouldn't trust 
with my credit card number.

OK, I promise, with fingers firmly crossed, never to get involved in an 
off-topic discussion again!

And I'm sorry but I can't answer the original question.

Nick. 

