@NormanDunbar honestly I don’t think anyone does believe otherwise- but the implications of admitting “oh yeah, sure, Fujitsu staff are literally god on this system” in any formal, much less legal, capacity are probably pretty severe.
That’s the crux of technology and privacy- we know the sys admin or db admin has god level access, they know they have god level access, but it remains unspoken because it’s too spicy to think about and too costly to fix 😬
@NormanDunbar believe because they sincerely believe, or believe because if they admit otherwise - even to themselves - they've just achknowledged a critical security oversight? 😆
Didn't know because they didn't know. Or didn't know because admitting they did know, implies they are culpable for not blowing the whistle.
I mean we all know, right, we've all been the admin getting the user out of a bind, or the user calling the admin for some workaround? 😆
@NormanDunbar@JackTheCat I am not and never have been a DBA. Hwever I am an applied mathematician who has developed and deployed validation technologies I. A number of areas, security, finance, defence and can guarantee that only destruction can hide tampering if it is done properly.
@NormanDunbar@JackTheCat auditing these trails is not our job but I have as have my colleagues been used in a number of fraud cases across Europe. Dull publicly, but the fringe benefits can be great…
@Wen@JackTheCat Sounds like fun. For certain values of "fun". In a couple of contracts I was on, I was told that I bullshit so well, that I should be the one to deal with the (internal) auditors. So I did.
Once I sussed them out as to whether or not the knew the tech details, I was up front honest with them. Never had a bad report! 😁 Honesty definitely pays.
@NormanDunbar yes MSSql. Oracle have there own doozies though: sometimes all the default users have "oracle" as the password , or sometimes might have "adminstrator/adminstrator" "default/default" 😂
Add comment