We help IT Professionals succeed at work.
Get Started

Database security - request for data by business partner

MonCapitan
MonCapitan asked
on
373 Views
Last Modified: 2012-05-11
Hi,

My boss has asked me to help with a request from an outside 'company' to provide information on our database. I might be going mad, completely wrong or in disbelief but I feel there are huge security implications to this. The initial request by the outside company is below...

1. What databases are you using?
2. Where are they hosted and who (what person) has access to them?
3. What is the current methodology you are using to tap into these databases for your website?

Then they make further requests...

"What we would ideally like to receive is as follows:
4. Electronic copy of sample data records for each club/location and all data fields, not just those displayed on the web
5. Format: any readable format e.g. .txt, rss, xml,
6. Volume: the more records the better, minimum 50 and ideally a random sample from all the databases
7. What is the total count of records held? (e.g. they hold 250 venue locations, 323 registrations)
8. Are you able to provide a data dictionary (a document which describes each field)
9. When was this data first collected/ created?
10. How is this data updated/refreshed and how frequently?"

Ok, so I am willing to provide an rss feed if they would like to use our data which is a common thing to do but it sounds to me like a lot of what they are asking for exposes our database way too much.

Forgive me if I am wrong but my alarm bells are going off. It would be good to get an official reaction to this from another developer/dba to back up my concerns.

Thanks for your time with this.
Comment
Watch Question
This problem has been solved!
Unlock 2 Answers and 6 Comments.
See Answers
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE