Hi folks,
in a few weeks I'll start a short course on the basics of database
security for a group of high-school students with a background in
elementary relational theory and SQL. I plan to explain the usage of
grant/revoke, RBAC, DAC, and inference in statistical databases.
I'd like to take the opportunity to also engage students about the topic
of privacy (or lack thereof). So, I am here to ask if you have
interesting/(in)famous stories to share on database security/privacy
"gone wrong" or "done right"(tm), possibly with technical details (not
necessarily to share with the students, but for me to understand the
problems). I am asking to this list because I will use PostgreSQL, so
maybe I can collect ideas that I can implement or demonstrate in
practice.
Thanks in advance,
Life.