Subject Re: [IB-Architect] Fw: Mischievous SYSDBA
Author Steve Tendon
Jan,

>
> Ok, we have two distinct requirements, which are unrelated.
>

Yes, they are unrelated. That doesn't change the fact that they're perceived
as real problems.

> Why is physically securing a machine and using proper database and operating
> system access control an inadequate solution for requirement 2?

I don't believe I suggested that solution was inadequate. It is very
appropriate indeed. Problem is, you as a developer/VAR/vendor cannot ensure
it: it's up to the end-user to implement it.

It is much a matter of education, i.e. educating the end-user about what the
real solution is. Unfortunately this is easier to say than to do. Especially
if you don't know who the end-user is. The ~majority~ of end users would
rather keep on being lazy, and feel comfortable knowing that their data is
"secure"... without worrying about OSs, file systems, networks, etc. For
many it is hard enough knowing where to find the switch to turn on their PC.

>
> Given the potential attackers in requirement 1 are competent developers, why
> do you think that a broken security system will do any good at all?
>

I was probably vague. The statement about inadequate security being good
enough was addressed at requirement 2, i.e. end-users feeling comfortable
about their data being secure. (Let me stress this again: it is sufficient
they fall into a comfort zone. The degree of real security is almost
secondary. The problem is we can't even make them come near a comfort zone
as things are today.)

Requirement 1 is much harder to realize.

May I ask you - really all of you here on IB-Architect - to suggest a
solution. Can we please stop focusing on what we CAN NOT do, and instead
come up with ideas of what we CAN do.

Or is it really so that there is no solution to these problems? If there is
no technical solution, then let's give up and hand the ball over to AnnH and
PaulB, and ask: how do we deal with the perceived deficiency (i.e. perceived
by end-users in the sense of feature-matrix comparison vs. other products)?

Thanks

-ST