MySQL Forums
Forum List  »  MySQL Administrator

Protect data from DBA
Posted by: ajm force
Date: August 05, 2011 11:54PM

Hi all
Pls forgive me for my strange question. I am basically from Telecommunication engineering background recently i changed my career to software development i am mainly interested in information security.
How do i protect mysql data from DBA? Can i prevent a DBA(root user) from reading some of the tables or switch off logs?

In mysql or any other information system DBA is a user with root privilege he can turn off all logs and bypass security measures.
So there is no way to trace him. Most of the people think that Computer systems are more secure than paper. But in my view it is very very insecure. Because when we change some think in the paper we have to make some trace by cut down the already written letters. But with database we can update column without any trace. Database logs can prevent normal users from doing it. But a DBA can easily by pass it. One possible solution is to make root user depend on more than one physical users. So all have to give password to get root privilege by someone. Even that scenario also they should not turn off logs for auditing. I like to discuss on this topic and i like to know what are the solutions other organizations use.

Options: ReplyQuote

Written By
Protect data from DBA
August 05, 2011 11:54PM

Sorry, you can't reply to this topic. It has been closed.

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.