Monday, June 2nd, 2008
So, you think you’ve removed that sensitive data (part II)
As I wrote in a previous post, truncating tables or scrambling content might not remove the actual data from the datafiles. The examples I gave in that post were Oracle related and now I’ll show the same using MS SQL Server 2005. I’d like to thank Dmitriy Geyzerskiy for providing the actual working example.
create database [...]
No Comments » - Posted in DBA, MS SQL Server, insider threat, security, technical tips by Slavik
Monday, May 26th, 2008
So, you think you’ve removed that sensitive data
I had an interesting conversation with Alexander Kornbrust yesterday about cloning databases. Most DBAs I know copy database files from production to create staging, integration and test environments. Those environments contain a lot of sensitive information (PII, CC, etc.) which is usually either deleted, scrambled or truncated. The problem with these solutions is that most [...]
3 Comments » - Posted in DBA, Oracle, insider threat, security, technical tips by Slavik
Sunday, June 10th, 2007
Propagating Middle-Tier and Application Users to the DBMS (Part 2 of 3)
As promised, this is the second of a three part blog entry discussing the propagation of middle-tier users to the database. This post will mainly concentrate on the Java side of things. I will show how to use Spring-framework’s excellent transactional support using AOP to add an additional advice, relying on ThreadLocal to pass application [...]
6 Comments » - Posted in Oracle, Uncategorized, technical tips, user identity by Slavik
Tuesday, May 22nd, 2007
Propagating Middle-Tier and Application Users to the DBMS (Part 1 of 3)
Well, I threatened to post something more technical, and here we are. I’ve just come back from a business trip to the US, meeting some prospects and customers. As always, I was asked a lot of technical questions. One of the frequent questions I encounter is - how can we propagate the application user and [...]