Monday, June 2nd, 2008
So, you think you’ve removed that sensitive data (part II)
As I wrote in a previous post, truncating tables or scrambling content might not remove the actual data from the datafiles. The examples I gave in that post were Oracle related and now I’ll show the same using MS SQL Server 2005. I’d like to thank Dmitriy Geyzerskiy for providing the actual working example.
create database [...]
No Comments » - Posted in DBA, MS SQL Server, insider threat, security, technical tips by Slavik
Monday, May 26th, 2008
So, you think you’ve removed that sensitive data
I had an interesting conversation with Alexander Kornbrust yesterday about cloning databases. Most DBAs I know copy database files from production to create staging, integration and test environments. Those environments contain a lot of sensitive information (PII, CC, etc.) which is usually either deleted, scrambled or truncated. The problem with these solutions is that most [...]
3 Comments » - Posted in DBA, Oracle, insider threat, security, technical tips by Slavik
Monday, May 26th, 2008
Weird MS SQL Server bug
A somewhat technical post on MS SQL Server encrypted triggers.
It turns out that MS SQL Server 2005 has an issue with encrypted triggers in the model database. We’ve created an encrypted database-level trigger on DDL operations in all databases, including the model database, so that when a new database is created the trigger will [...]
1 Comment » - Posted in DBA, MS SQL Server, technical tips by Slavik
Thursday, January 17th, 2008
Most DBAs do not apply security patches
In a recent survey we conducted, it turned out that DBAs are mostly ignoring security patches. Two thirds of the DBAs have never applied a CPU, and only about 10% of them apply CPUs in a timely fashion. After releasing the survey, we had some interesting responses in online publications [...]
2 Comments » - Posted in Oracle, security by Slavik
Saturday, November 17th, 2007
Propagating Middle-Tier and Application Users to the DBMS (Part 3 of 3)
Well, finally I’m writing the third part of the blog. The thing that pushed me to finish this was a talk I had with Tim Hall of Oracle-base fame after his Unconference presentation in Oracle OpenWorld. Tim told me that his Java developers are claiming that adding user context information in an already existing application [...]
No Comments » - Posted in Java, Oracle, security, technical tips by Slavik
Wednesday, August 22nd, 2007
Oracle CPUs - Do We Care?
I promised to blog a bit about my traveling, so here I go:
I was visiting customers in India and the US and giving presentations to Oracle user groups in the US. Amazingly, the state of US airports is just getting worse every month. Flying from Israel to India and from India to NY went without [...]
6 Comments » - Posted in DBA, Oracle, compliance, patching by Slavik
Thursday, July 5th, 2007
DBAs are not the enemy, but they too need watching
Back after a short and much needed hiatus, I came across this piece by security analyst Eric Ogren on Computerworld’s website. He discusses how DBAs have become public enemy number one because of compliance mandates to exercise segregation of duties, and how this has been blown out of proportion to other, greater risks.
A few days [...]