On Tue, 2010-10-05 at 14:49 -0400, Robert Haas wrote:
> On Tue, Oct 5, 2010 at 2:08 PM, Greg Stark <gsstark@mit.edu> wrote:
> > Though I find it unlikely the sales people would have direct access to
> > run arbitrary SQL -- let alone create custom functions.
>
> I have definitely seen shops where virtually everyone has SQL-level
> access to the database.
Uhh... yeah it is very common to point access at the database and say go
for it. Very common.
> Several of them. Most of them were pretty
> insecure, but it certainly doesn't help anything when the database has
> no capability to do anything better. Now, I will grant you that not
> everyone in those organizations was actually smart enough to do
> meaningful things with the access they had, but I never found that
> very comforting.
The better argument here is, the majority (by far, just google it) of
espionage is done IN HOUSE. It doesn't matter if it is a sales person.
It could be a disgruntled DBA.
JD
--
PostgreSQL.org Major Contributor
Command Prompt, Inc: http://www.commandprompt.com/ - 509.416.6579
Consulting, Training, Support, Custom Development, Engineering
http://twitter.com/cmdpromptinc | http://identi.ca/commandprompt