Subject | Re: [firebird-support] practice information system |
---|---|
Author | Marc Hakman |
Post date | 2014-01-23T21:31:37Z |
Hi Helen,
I’ve got some answers.
On 07.01.2014 at 08:34, Helen Borrie <helebor@...> wrote:
>The government certifies only the forms (the P.I.S. developer is not more than a printery) and the on-line connection with the health agency, not the database safety. However, she gives some good, but sometimes incomplete guidelines.
>>> I expressed surprise that the software would have received government certification if it was set up wrongly from a security perspective. Only your supplier/developer can go through this with you and explain what (if anything) you need to do.
>
> At 06:53 p.m. 7/01/2014, Marc Hakman wrote:
>>>
>> Every client has a pw and different rights: the cabinet. In my view, the database file with the unchanged default admin account name and pw is the missing rear wall. Is that correct?
>
> If the SYSDBA password is 'masterkey' then YES, your assessment is correct.
>
>> Still untouched: patient chip card.
>> Where can I find info about the possible risks of patients' chip cards? In your books?
>
> Not in my books. I'm not even sure what you are talking about. I suppose it must be some kind of smartcard storing patient data that can be read by a dedicated reader device.
>
>> How can I read out whether they do something / nothing with my database file?
>
> I guess that the authority that issues these cards must have some information available about the data format and the device API, so that people like your software developer can write applications to read from the card and (if supported) write to it.
>
> I have never heard of a smartcard that could log into a database as SYSDBA, I must confess! That would be some amazing wee beastie. ()()()()()()()()(^ ^)
> Glad to read that.
>> I don’t like to trust my developer, because he has interest in selling and therefore in certification; not in the security of my database files (= patients and financial company files). My assumption is wrong. The certification (as a printery) and safety are completely different issues. The developer has a real interest in safety. Although he admits, that the safety is not very high. He explained: within the database, the files are partially written in a binary format and the information is scattered over many tables. It is almost impossible to find their context. So the patient files in the cabinet are shredded. Is OK, or not?
>
> Really? I thought the primary reason for certification was quality assurance of (only as a printery, see above) which data security is a significant part and customer support is another. I get the impression that you haven't made contact with the software support people about this chip card issue.
>
>
> Helen Borrie, Support Consultant, IBPhoenix (Pacific)
> Author of "The Firebird Book" and "The Firebird Book Second Edition"
> http://www.firebird-books.net