Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 2 of 2
  1. #1
    Regular Coder
    Join Date
    Sep 2002
    Posts
    456
    Thanks
    0
    Thanked 20 Times in 20 Posts

    malicious programmers

    I was looking for to create a developers database by copying our main one and came accross a tutorial about moving all databases to another server...
    Moving Data Directly Between Databases

    How would you like to replicate your present database to a new location? When you are shifting web hosts or database servers, you can directly copy data to the new database without having to create a database backup on your machine and restoring the same on the new server. mysql allows you to connect to a remote database server to run sql commands. Using this feature, we can pipe the output from mysqldump and ask mysql to connect to the remote database server to populate the new database. Let's say we want to recreate the Customers database on a new database server located at 202.32.12.32, we can run the following set of commands to replicate the present database at the new server.
    This uses one line of code (not shown here), couldn't this cause problems if say an disgruntled employee or former programmer were fired!

    Knowing that it takes up to a week for papers to be processed and employees to be removed from a system seems like if they had developer priviledges they could steal or move every database you have in the blink of an eye and you wouldn't know it! Take a place like amazon.com one developer could easily copy every database, client & employee name, address, email addresses, credit card numbers etc. without anyone knowing. Or am I wrong as to how this works?

    Just wondering!
    NO Limits!! DHCreationStation.com
    ------------------------------------------------------------
    Broken items wanted for tinkerin'! PostItNow@BrokenEquipment.com
    Global Complaint Dept.

  • #2
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    25,449
    Thanks
    76
    Thanked 4,373 Times in 4,338 Posts
    You are assuming that the database managers are idiots.

    Yes, if they don't have any protections, what you say is possible.

    But normally the DBA would restrict logins to the database to *ONLY* IP addresses within the company. So once an employee is kicked out the door, he can't connect to the DB because any IP address he uses won't be on the company inTRAnet.

    Similarly, most companies restrict outgoing messages to only the usual ports: 25 and 110 for email, 80 for browser HTTP, and possibly a few more. So even if you are on the inside, still, you wouldn't be able to open an outgoing connection to a remote MySQL server (well, unless you could configure it to use port 80???). But if the disgruntled employee is still on the inside, what's to prevent him/her from simply attaching a USB thumb drive to his/her computer and dumping the data to there and walking out with it? There's probably no really effective way to prevent such theft.

    But once the employee is kicked out? A different matter.
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •