The Forums on slxdeveloper.com are now retired. The forum archive will remain available for the time being. Thank you for your participation on slxdeveloper.com!
|
|
Remote Database Secutity
Posted: 18 May 06 10:12 AM
|
buy citalopram 20 mg online buy citalopram 10mg online fiogf49gjkf0d We have a problem with our sales people losing their laptops and the information that might be contained on their remote databases. We have been asked to look into SQL encryption of their SalesLogix remote databases. Can we encrypt the remote DBs? If so, what is the performance hit? Could we just encrypt a few fields that contain sensitive information? Can we stop individual fields from syncing to remotes?
I read the other post regarding row level security and that might work for us in the application, but our compliance team wants to make sure there is no back door way for this information to get out.
Thank you!
|
|
|
|
Re: Remote Database Secutity
Posted: 19 May 06 6:15 AM
|
fiogf49gjkf0d Hmmm... Is your compliance team also demanding the SA password not be blank? It always is on remote DBs. Any compliance should demand each laptop have its own SA password unique to any other in the organization.
Here's a question I have. Can the sysdba password be changed on remote databases? This is the only issue I see with a 'backdoor' password existing.
I think if you can close both of those holes then you should be fine with any data access issues - depending on how demanding CC is.
As far as encrypting the data, not really sure of the performance hit or if it'd even work with SLX. I'd like to know.
John G.
|
|
|
|
Re: Remote Database Secutity
Posted: 19 May 06 12:33 PM
|
fiogf49gjkf0d Passwords unfortunately are not good enough. If you have the physical machine (and this applies to all SQL Server databases not just SalesLogix) all you need to do is stop the SQL Server services, copy the mdf to a machine where you have the sa password, and attach the mdf.
I suggest they look into ignoring SalesLogix as the problem and to escalate their concern to EVERY file on the laptop. There are solutions that encrypt the entire hard drive that organizations such as the US Military use for their laptops. I recommend looking into this if compliance is really that concerned.
Timmus |
|
|
|
Re: Remote Database Secutity
Posted: 19 May 06 12:42 PM
|
fiogf49gjkf0d Originally posted by Ian Fitzpatrick
Could we just encrypt a few fields that contain sensitive information? Can we stop individual fields from syncing to remotes? |
|
Ian, sorry that I glossed over the potential for only securing a single table or a couple of fields. You can definitely encrypt data within a single column. The main issue is that you have to handle all the databinding programmatically - the user enters a value into a control, you encrypt it, and then update the database for example.
There is also a flag in the SalesLogix metadata that allows you to prevent an entire table from synchronizing out to remotes. This may be an option if you can consolidate all of your "secure fields" into a single table for example. The flag is ResyncTableDefs.OmniDirectional = 'X' to disable a table from synchronizing.
Timmus |
|
|
|
Re: Remote Database Secutity
Posted: 19 May 06 12:46 PM
|
fiogf49gjkf0d Timmus,
Yes. You are correct. But they still have to get to the point AFTER logging into the box to stop SQL services. This doesn't bar them from ppping the drive out and installing it somewhere else to just access the files. Which brings into play your suggestion of encrypting the entire drive. That is the best solution.
John G. |
|
|
|
Re: Remote Database Secutity
Posted: 19 May 06 1:12 PM
|
progesterone progesterone effet fiogf49gjkf0d Originally posted by John Gundrum
they still have to get to the point AFTER logging into the box to stop SQL services |
|
Yes, the assumption I am making is that someone can get into Windows once they have the physical machine. We are on the same page.
Timmus |
|
|
|
Re: Remote Database Secutity
Posted: 19 May 06 2:28 PM
|
fiogf49gjkf0d Thanks guys! Compliance is talking about encrypting the entire drive and that sounds like the way to go.
I am taking over for another developer here and he put the Contact's social security number in one of the user defined fields on the contact table so unfortunately not syncing the Contact table is not an option.
Has anyone used the "Hidden" checkbox in the DB manager for version 5.2? Would that do anything? Also we are keying off the SSN quite a bit in our imports and such, I should have the "Indexed" checkbox checked, right?
Thanks for all your help! |
|
|
|
Re: Remote Database Secutity
Posted: 19 May 06 2:59 PM
|
fiogf49gjkf0d The hidden checkbox just removes the column from the query builder. It does not impact the underlying data structure. So, no, this will not help you with your compliance issues.
The way you describe your usage of the SSN column does seem to warrant an index.
Timmus |
|
|
|
Re: Remote Database Secutity
Posted: 25 May 06 2:24 PM
|
buy naltrexone 3mg where can i buy naltrexone click fiogf49gjkf0d [Please disregard this message. I posted this question under a new thread]
I am looking to stop contact.userfield1 from syncing out to remote databases, if I change the sync field in synctabledefs will that prevent just that field from syncing? Can anyone see any problems with that?
|
|
|
|