Date:         Wed, 3 May 1995 23:07:30 -0700
Reply-To:     The NOMAD2 Discussion List
Sender:       The NOMAD2 Discussion List
From:         SPH
Subject:      Re: Securing a db against knowledgable opponent

Chris.. your problem is much deeper than simple NOMAD code... uh, like
this ex-admin guy needs to get his #@@# whacked. You guys at Motorola
need a lesson in data security and ethics...




Walters Chris wrote:
>
> OK NOMADers, here's a problem
>
> I am the new system administrator for a shared db under VM. I need to
> protect the db from attacks by the previous sysadmin, who knows NOMAD pretty
> well. Users of the system (who have the DBAPASSword) ask him to write
> programs that change the db contents. My menu-driven system also has options
> that change the db contents (using CHANGE, INSERT, REPLACE, DELETE
> commands).
>
> I can't use a REMOVE in the db profile to remove the C/I/R/D commands
> because my menus use them too.
>
> I tried renaming the db, PRESCANing all procedures that do a DA XXXX OWNERID
> YYYYY and hiding the source code, but DA XXXX OWNERID YYYYY is still visible
> in the N2PROC. So he can get the database name.
>
> I tried moving all procedures containing DA XXXX OWNERID YYYYY  from the
> public 192 disk to the 191 disk of the owner account to hide them, but the
> procedures can't be found by VM when called. Seems like you can't execute
> code stored on the same disk as the shared db, probably because you don't
> access that disk directly. So I can't hide them either.
>
> No telling what accounts these rogue procedures live on so can't put a
> screen on &userid in place in the db profile.
>
> So, any suggestions? Please email replies directly to me - he may very well
> be on this list!
>
> Chris Walters
> CIDM, Motorola GSTG
> p23610@email.mot.com