Re: Securing Postgres - Mailing list pgsql-general

From Welty, Richard
Subject Re: Securing Postgres
Date
Msg-id A209FE4DA934614CAF3F5BD8E5E14290B0DE2A@ex2k.bankofamerica.com
In response to Securing Postgres  (L van der Walt <mailing@lani.co.za>)
List pgsql-general
>No I can not trust the clients administrators.

>I have played now with MySQL and with MySQL you can change the password
>for root in MySQL (same as postgres in PostgreSQL).  If you use the
>command line tools like dump you require the password.  Just because
>you're root doesn't mean you're root in MySQL

be aware that for a sufficiently clever administrator, there is no
meaningful defense in windows, unix, or linux.

the client programs you have written must have access; there must be
access to the system catalog. unless you are using a properly set up
TCP over SSL connection to get to the database, your clients are
vulnerable to a man-in-the-middle attack. it takes a program that sits
passively in the connection collecting interesting data until it gets
what it needs.

unencrypted data residing in RAM or in swap space is at risk at all
times.

the sole purposes of the windows security "features" you are depending
on are to comfort PHBs and discomfit the inept. they don't really work.

richard
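Richard's point is that the only thing standing between a database client and an on-path (man-in-the-middle) attacker is a properly set up TLS connection. The following Python script is an added example, not code from this thread or from the PostgreSQL project; it audits the two places where that decision is actually made: the client's libpq `sslmode` and the server's `pg_hba.conf` record types. It assumes the libpq semantics documented by PostgreSQL (default `sslmode` is `prefer`; only `verify-ca` and `verify-full` validate the server certificate, and only `verify-full` also checks the host name) and the `pg_hba.conf` rule that a `host` record accepts both TLS and plaintext sessions while `hostssl` requires TLS. The sample `pg_hba.conf` and DSNs are constructed for the example.

```python
"""Audit the two places that decide whether a libpq client session can be
intercepted: the client's sslmode and the server's pg_hba.conf record types.

Assumptions (from the PostgreSQL/libpq documentation, not from the thread):
  * libpq's default sslmode is 'prefer'; only 'verify-ca' and 'verify-full'
    validate the server certificate, and only 'verify-full' checks the host
    name, so anything weaker still leaves room for an on-path attacker.
  * In pg_hba.conf a 'host' record accepts both TLS and plaintext sessions,
    'hostnossl' accepts plaintext only, and 'hostssl' requires TLS.
"""
import re
from urllib.parse import parse_qs, urlparse

SSLMODE_RANK = {"disable": 0, "allow": 1, "prefer": 2, "require": 3,
                "verify-ca": 4, "verify-full": 5}
LOOPBACK = {"127.0.0.1/32", "::1/128", "localhost"}


def dsn_sslmode(dsn: str) -> str:
    """Extract sslmode from a URI or key=value DSN; libpq defaults to 'prefer'."""
    if dsn.startswith(("postgresql://", "postgres://")):
        query = parse_qs(urlparse(dsn).query)
        return query.get("sslmode", ["prefer"])[0]
    match = re.search(r"\bsslmode\s*=\s*'?([\w-]+)'?", dsn)
    return match.group(1) if match else "prefer"


def dsn_mitm_resistant(dsn: str) -> bool:
    """True only when the client refuses a server whose certificate or host
    name does not check out, i.e. sslmode=verify-full."""
    return SSLMODE_RANK.get(dsn_sslmode(dsn), 0) >= SSLMODE_RANK["verify-full"]


def audit_pg_hba(text: str) -> list[tuple[int, str]]:
    """Return (line number, finding) pairs for records that let remote clients
    connect without TLS or without any credential."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        ctype = fields[0]
        if ctype == "local":                     # Unix socket: no address column
            if len(fields) < 4:
                continue
            method = fields[3]
        else:
            if len(fields) < 5:
                continue
            # address is 'addr/prefix' (one token) or 'addr mask' (two tokens)
            if len(fields) >= 6 and re.fullmatch(r"[\d.]+", fields[4]):
                address, method = f"{fields[3]} {fields[4]}", fields[5]
            else:
                address, method = fields[3], fields[4]
            if ctype in ("host", "hostnossl") and address not in LOOPBACK:
                findings.append((lineno, f"{ctype} record for {address} accepts "
                                         "plaintext sessions; use hostssl"))
        if method == "trust":
            findings.append((lineno, "trust authentication: no credential required"))
    return findings


# Constructed sample pg_hba.conf, not taken from any real deployment.
SAMPLE_PG_HBA = "\n".join([
    "# TYPE    DATABASE  USER  ADDRESS        METHOD",
    "local     all       all                  peer",
    "host      all       all   127.0.0.1/32   scram-sha-256",
    "host      all       all   10.0.0.0/8     md5",
    "hostssl   all       all   10.0.0.0/8     scram-sha-256",
    "hostnossl all       all   0.0.0.0/0      trust",
])

if __name__ == "__main__":
    for dsn in ("host=db.internal dbname=orders",
                "host=db.internal dbname=orders sslmode=require",
                "postgresql://app@db.internal/orders?sslmode=verify-full"):
        print(f"{dsn_sslmode(dsn):12} mitm-resistant={dsn_mitm_resistant(dsn)}  {dsn}")
    for lineno, finding in audit_pg_hba(SAMPLE_PG_HBA):
        print(f"pg_hba.conf:{lineno}: {finding}")
```

Run against a real `pg_hba.conf` and the DSNs your client programs use: a `host` record for a non-loopback range, or a DSN without `sslmode=verify-full` (and a trusted `sslrootcert`), means the connection Richard describes as vulnerable is still possible even though TLS is "enabled".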
