|
|
|||||||
| Chit Chat Public Talk about any thing you want! This forum is public. |
 |
|
|
Thread Tools | Search this Thread | Display Modes |
|
#1
10-03-2003, 11:28 AM
|
|||||||||||
|
|||||||||||
MySQL Database Security question
Hi all....quick question. I have a potential client that wants to host with us but has data that is very private data that they want no one to have access to. They said they do not want to host with us if our database can be accessed by anyone other than them or me. So, basically, am I correct in assuming that the Vortech /Matrix administrators have full access to any data? (I know it is probably policy that they cannot open the database, but the possibility is still there.)
It is nothing illegal! The site is for a domestic abuse shelter, so some of the data they store is considered "top secret". Thanks. 
|
|
#2
10-03-2003, 11:37 AM
|
||||||||||||
|
||||||||||||
|
Yes we have full access to the database but company policy to never open or even look at someones database with out them giving the ok. We will not even open an access database with out an OK for the user.
__________________
Brad Pugh http://www.vortechhosting.com ------ Local System/Network Monitor http://nagios.hsphere.cc/ Login:guest Pass:guest XML FEED http://nagios.hsphere.cc/feed.xml ------ My Other Life: 
|
|
#3
10-03-2003, 11:40 AM
|
||||||||||||
|
||||||||||||
|
In my opinion, if they store personal information about abused people, the kind of information you don't want getting out to anyone, you shouldn't trust it in a shared environment in the first place.
My guess is that admin has access to it if need be, but they'd never abuse that priviledge. You may want to consider offering them another option, like an in-house server for sensitive info - that is, unless if they need to share it online.
|
|
#4
10-03-2003, 11:50 AM
|
|||||||||||
|
|||||||||||
|
Quote:
Oh, I agree about the in-house server, as I have already given them the option. They could host it, but they don't get much funding, so the shared hosting option was more appealing to them, as the price is friendly with their budget.
|
|
#5
10-03-2003, 11:54 AM
|
||||||||||||
|
||||||||||||
|
Are you allowed to say why the'd want this information on the internet?
Are they hoping to set up an extranet? That's why I though maybe a really cheap server would be a good in-house option if they only need this data for one location. Of course, if it's to be shared with other locations, I see your point of the start up costs involved. And sadly, many of our best human resource, non profit organizations have the least money to work with.
|
|
#6
10-03-2003, 02:00 PM
|
||||||||||||
|
||||||||||||
|
This could be done, but they need to encrypt all the data with gpg or something similar and then access the website with an ssl connection.
But even with this solution someone could read the data by just looking at the memory of the server.
|
|
| Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | |
| Thread Tools | Search this Thread |
| Display Modes | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| client asked question about security? | bootNumlock | Chit Chat Public | 8 | 04-14-2003 06:55 PM |
Linear Mode
