Asked by MonCapitan

Database security - request for data by business partner


My boss has asked me to help with a request from an outside 'company' to provide information on our database. I might be going mad, completely wrong or in disbelief but I feel there are huge security implications to this. The initial request by the outside company is below...

1. What databases are you using?
2. Where are they hosted and who (what person) has access to them?
3. What is the current methodology you are using to tap into these databases for your website?

Then they make further requests...

"What we would ideally like to receive is as follows:
4. Electronic copy of sample data records for each club/location and all data fields, not just those displayed on the web
5. Format: any readable format e.g. .txt, rss, xml,
6. Volume: the more records the better, minimum 50 and ideally a random sample from all the databases
7. What is the total count of records held? (e.g. they hold 250 venue locations, 323 registrations)
8. Are you able to provide a data dictionary (a document which describes each field)
9. When was this data first collected/ created?
10. How is this data updated/refreshed and how frequently?"

OK, so I am willing to provide an RSS feed if they would like to use our data, which is a common thing to do, but it sounds to me like a lot of what they are asking for exposes our database way too much.

Forgive me if I am wrong but my alarm bells are going off. It would be good to get an official reaction to this from another developer/dba to back up my concerns.

Thanks for your time with this.

Last Comment

8/22/2022 - Mon