| Subject | Re: [IB-Architect] Fw: Mischievous SYSDBA |
|---|---|
| Author | Jan Mikkelsen |
| Post date | 2000-05-27T10:13:42Z |
Steve Tendon <steve@...> wrote:
Why is physically securing a machine and using proper database and operating
system access control an inadequate solution for requirement 2?
Given the potential attackers in requirement 1 are competent developers, why
do you think that a broken security system will do any good at all?
Jan Mikkelsen
>Let me see if I can pull together some threads here.Ok, we have two distinct requirements, which are unrelated.
>
> [On stating the requirement]
>In scenario 2 there are at least two kinds of problems: (1) you want to
>prevent competitors to reverse-engineer your application, and avoid
>revealing your data model, SPs, and other valueable information; (2) you
>want to ensure the end-customer that ~his~ data is relatively safe. The
>end-customer might be concerned about security, confidentiality and privacy
>issues.
> [ On a broken crypographic implementation being a waste of time ]stated
>Jan, what you say is true.
>
>The problem is that 99.999% of customers (i.e. not developers,
>semi-competent or otherwise) do not know this. And ~they~ don't bother to
>know. They look at a feature-matrix, and see that IB has something missing
>when compared to other products - even toys like Access. There are few
>semi-competent developers (let alone good ones) around. Incompetent
>customers outnumber developers any day. Unfortunately for developers,
>customers are the ones who pay the bill.
>
>Even a solution that lulls into a false sense of security could be good
>enough (no matter how much it stinks). It raises the bar. Today the cost to
>get into a GDB is zero. Even an incompetent customer can do it. So raising
>the bar in such way that you need at least a semi-competent, or even
>incompetent, developer to do so, would still be progress compared to the
>current situation. This would exclude some 96-98% of all people that
>currently can get into a GDB today. The remaing 2-4% are akin to the
>professional burglars that would get into your house even if you lock it up
>twice.
>
>In terms of precise requirements, let us address problems (1) and (2)
>above; (2) being more urgent than (1).Ok, I have some questions:
Why is physically securing a machine and using proper database and operating
system access control an inadequate solution for requirement 2?
Given the potential attackers in requirement 1 are competent developers, why
do you think that a broken security system will do any good at all?
Jan Mikkelsen