Oracle Tips by Burleson
Web Stalkers
Chapter 1 - The Illusion of Anonymity
Dealing with confidential data on the web
Regardless of the database architecture or specific product, all data audits must capture the following information:

Who – A full identification of the person viewing or modifying the data.
Where – A log showing the specific application procedure and method used to access the data.
When – A reliable date-time-stamp, globalized to Greenwich Mean Time (GMT).
What – A full listing of all data entities that were viewed or modified.
Why – Context-based information describing how the data was disclosed.

These web-based database systems have extremely
complex and complete auditing mechanisms, but they remain vulnerable
to outside hacker attacks.
Figure 1.1 – An example of a data access structure and its vulnerable points
As shown in Figure 1.1, there are many ways that web hackers can obtain
confidential information. In addition, internal disclosure of
private information is also a potential problem. This is especially
important for online health care databases. Successful web
companies apply sophisticated filters to the audit trails at data
capture time to spot suspicious trends and patterns in data access,
as in Figure 1.2.
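
The following added example (not from the original book or site) sketches such a capture-time filter in Python: each audit record carries the five fields listed above, and the filter flags a missing reason or one user touching many distinct entities in a short window. The class names, thresholds and sample records are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class AuditRecord:
    who: str        # identity of the person viewing or modifying the data
    where: str      # application procedure and method used for access
    when: datetime  # timezone-aware timestamp, normalized to GMT/UTC on capture
    what: str       # data entity viewed or modified
    why: str        # context describing how the data was disclosed

class CaptureFilter:
    """Hypothetical capture-time filter: checks each record as it is logged."""
    def __init__(self, max_entities=3, window=timedelta(minutes=5)):
        self.max_entities, self.window = max_entities, window
        self.recent = defaultdict(deque)   # who -> (when_utc, what) inside window

    def capture(self, rec):
        """Return a list of findings for this record (empty if none)."""
        if rec.when.tzinfo is None:
            raise ValueError("naive timestamp: cannot normalize to GMT")
        when = rec.when.astimezone(timezone.utc)
        findings = []
        if not rec.why.strip():
            findings.append(f"{rec.who}: no stated reason for {rec.what}")
        seen = self.recent[rec.who]
        seen.append((when, rec.what))
        while when - seen[0][0] > self.window:   # drop accesses older than window
            seen.popleft()
        distinct = {what for _, what in seen}
        if len(distinct) > self.max_entities:
            findings.append(f"{rec.who}: {len(distinct)} distinct entities in "
                            f"{self.window} via {rec.where}")
        return findings

def run_sample():
    """Feed constructed audit records through the filter; return all findings."""
    utc, est = timezone.utc, timezone(timedelta(hours=-5))
    t0 = datetime(2024, 1, 15, 14, 0, tzinfo=utc)
    records = [AuditRecord("dr_lee", "chart.view", t0, "patient/101", "appointment")]
    # clerk7 opens five different charts in four minutes; one stamp is in UTC-5
    for i in range(5):
        when = (t0 + timedelta(minutes=i)).astimezone(est if i == 2 else utc)
        records.append(AuditRecord("clerk7", "chart.view", when,
                                   f"patient/{200 + i}", "billing" if i else ""))
    f = CaptureFilter()
    return [msg for rec in records for msg in f.capture(rec)]

if __name__ == "__main__":
    print("\n".join(run_sample()))
```

Rejecting timestamps without a zone, rather than guessing one, keeps the "When" field comparable across application servers in different regions.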