2aHawaii
General Topics => Off Topic => Topic started by: macsak on August 14, 2024, 12:38:31 PM
-
https://www.youtube.com/watch?v=kRZujGU7Xi8
-
When I used PII (Personally identifiable information), the database was created with separate tables for SSAN, Phone No., Credit Card and banking numbers, ...
That way, you could use the innate security features of the database software to secure those parts. Separate storage tables/entities were given stricter access controls (Permissions), were encrypted at both the hardware and database level, and any applications that used the data were coded to mask the data upon retrieval, such as only showing the last four digits to verify it's the data you wanted.
The problem is, when other parts of the system are not as secure, the hackers can gain root administrator access relatively quickly. At that point, if the database is allowing administrator access to those users, you've shot yourself in the foot.
There are schemes at the filesystem level to also provide well-defined access to individuals or groups. That offers extremely tight security. If only one login has access to that data, then even root can't see it. The problem is, the more complicated the access control scheme, the more time involved in setting it up and managing it. Administrators do make mistakes, and I've seen one temporarily provide wider access to some files to do backups or restores, then not accurately apply the controls again.
There are scanning programs to alert when permissions on objects change, but again, that has to be designed and maintained, but at least it detects if a human messed up.
I hope a lot of people lose their jobs if this was their screwup.
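
Added example, not part of the original post: a minimal sketch of the kind of permission-change scanner the post above mentions, which records a baseline of file modes and owners and reports anything that later drifts, such as access widened for a backup and never restored. The function names, file names and sample data are constructed for illustration, and it checks only POSIX mode bits and ownership, not ACLs or database grants.

```python
import os
import stat
import tempfile

def snapshot(root):
    """Record mode bits, owner and group for every file and directory under root."""
    state = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            state[os.path.relpath(path, root)] = (stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid)
    return state

def diff_permissions(baseline, current):
    """Return a list of (path, finding) for anything that differs from the baseline."""
    findings = []
    for path, (mode, uid, gid) in sorted(current.items()):
        if path not in baseline:
            findings.append((path, f"new object, mode {mode:04o}"))
            continue
        b_mode, b_uid, b_gid = baseline[path]
        if (uid, gid) != (b_uid, b_gid):
            findings.append((path, f"owner changed {b_uid}:{b_gid} -> {uid}:{gid}"))
        if mode & ~b_mode:
            # Bits present now that the baseline did not grant: access got wider.
            findings.append((path, f"access widened {b_mode:04o} -> {mode:04o}"))
        elif mode != b_mode:
            findings.append((path, f"mode changed {b_mode:04o} -> {mode:04o}"))
    for path in sorted(set(baseline) - set(current)):
        findings.append((path, "object removed"))
    return findings

def demo():
    """Constructed scenario: a file opened up for a backup and never locked down again."""
    with tempfile.TemporaryDirectory() as root:
        secret = os.path.join(root, "card_numbers.dat")   # hypothetical file name
        other = os.path.join(root, "notes.txt")           # hypothetical file name
        for p in (secret, other):
            with open(p, "w") as fh:
                fh.write("constructed sample\n")
        os.chmod(secret, 0o600)
        os.chmod(other, 0o640)
        baseline = snapshot(root)
        os.chmod(secret, 0o644)   # the "temporary" widening that was never reverted
        return diff_permissions(baseline, snapshot(root))

if __name__ == "__main__":
    for path, finding in demo():
        print(f"ALERT {path}: {finding}")
```

In practice the baseline would be stored somewhere the scanned accounts cannot write to, and the comparison run on a schedule.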
-
What a perfect excuse to roll out digital ID so that we can be forced right over to govt crypto when they crash the dollar
-
Election year!!!
How interesting.
-
Does this mean that I should be able to find Suni Lee's phone number and address? :rofl: