[LINK] No more human sysadmins??
Rick Welykochy
rick at vitendo.ca
Sat Aug 10 02:39:44 AEST 2013
Bernard Robertson-Dunn wrote:
> If the data is held in an SQL database and only an application can
> access that application, then the sysadmin would have to go through the
> application. If they are not in the ACL (which is under the control of
> the application manager), then they can't get at the the data. If
> necessary, the data in the SQL DB can be encrypted.
IMHE (in my humble experience), whomever installed the database,
to continue your example, will be able to gain "system wide"
privileges quite easily, managerial and application level staff
aside.
Don't forget that for many (majority?) of software products, there
is the cumbersome application-level GUI interface and then there are
the handy-dandy shell tools that Real Sys Admins use to get at anything
in the system. This includes SQL and NoSQL databases.
Anyway, at the bottom level, it is all bits on storage media. These
bits can be accessed by anyone with enough skill. The bits can then
be interpreted as required by anyone given enough time, talent and
dare I say money. At the bottom level, a raw disk can be relieved of
the secrets it keeps by reading its bits.
Consider this. If a server box is so locked down that an admin cannot
even log on and look around, then when that server fails it becomes
a very expensive doorstop.
cheers
rickw
--
------------------------------------
Rick Welykochy || Vitendo Consulting
It's choice, not chance, that determines your destiny.
-- Jean Nidetch
More information about the Link
mailing list