Hello Geoff Worboys:

======= At 2004-01-06, 11:58:00 Geoff Worboys wrote: =======

<snip>

>Some people have requested that FB provide the ability to
>encrypt the database. But even if it did this you cannot
>protect the database from authorised users.

here here!

> You could obscure the decryption key inside the executable,

Usually, it's stored elsewhere... hardware or certificate/ASN
schemes for most part.

AFAIC, this is doable. It's also important:
http://www.rsasecurity.com/worldwide/securwatch/encryption/

> Many assume that, because the database is tucked away behind firewalls
> and other corporate security defences, it is safe from harm.

> Not necessarily so. As one security analyst put it: "Many people are focused
> on the security of their networks and operating systems. However, little
> attention is given to actual database security."

> There have been many highly publicised cases of credit card numbers
> being sucked from databases and becoming public information, even from
> very large organisations. One 2002 report estimated that one in 10 corporate
> databases connected to the Internet suffered from a security breach over the
> course of a year, while Visa and MasterCard admitted as recently as February
> 2003 that crackers had obtained details of up to five million credit card accounts.

= = = = = = = = = = = = = = = = = = = =

Best regards.
Jim McKay
JMcKay@...
2004-01-05 17:23:00





--
Outgoing mail is certified Virus Free.
Checked by AVG Anti-Virus (http://www.grisoft.com).
Version: 7.0.209 / Virus Database: 261.5.6 - Release Date: 1/2/2004