Обсуждение: [GENERAL] [OT] Help: stories of database security and privacy
Hi folks, in a few weeks I'll start a short course on the basics of database security for a group of high-school students with a background in elementary relational theory and SQL. I plan to explain the usage of grant/revoke, RBAC, DAC, and inference in statistical databases. I'd like to take the opportunity to also engage students about the topic of privacy (or lack thereof). So, I am here to ask if you have interesting/(in)famous stories to share on database security/privacy "gone wrong" or "done right"(tm), possibly with technical details (not necessarily to share with the students, but for me to understand the problems). I am asking to this list because I will use PostgreSQL, so maybe I can collect ideas that I can implement or demonstrate in practice. Thanks in advance, Life.
On Tue, Apr 11, 2017 at 21:48:58 +0200, Lifepillar <lifepillar@lifepillar.me> wrote: > >I'd like to take the opportunity to also engage students about the topic >of privacy (or lack thereof). So, I am here to ask if you have >interesting/(in)famous stories to share on database security/privacy >"gone wrong" or "done right"(tm), possibly with technical details (not >necessarily to share with the students, but for me to understand the >problems). I am asking to this list because I will use PostgreSQL, so >maybe I can collect ideas that I can implement or demonstrate in >practice. "Translucent Databases" has some interesting ideas about providing privacy by operating directly on encrypted data (without decrypting it) so that information is kept private even from the database. The are major limitations on what you can do, but there may be some cases where the techniques can be used.