malicious programmers

03-14-2013, 05:59 PM
I was looking to create a developers database by copying our main one and came across a tutorial about moving all databases to another server...

Moving Data Directly Between Databases

How would you like to replicate your present database to a new location? When you are shifting web hosts or database servers, you can directly copy data to the new database without having to create a database backup on your machine and restoring the same on the new server. mysql allows you to connect to a remote database server to run sql commands. Using this feature, we can pipe the output from mysqldump and ask mysql to connect to the remote database server to populate the new database. Let's say we want to recreate the Customers database on a new database server located at, we can run the following set of commands to replicate the present database at the new server.

This uses one line of code (not shown here). Couldn't this cause problems if, say, a disgruntled employee or former programmer were fired!

Knowing that it takes up to a week for papers to be processed and employees to be removed from a system, it seems like if they had developer privileges they could steal or move every database you have in the blink of an eye and you wouldn't know it! Take a place like amazon.com: one developer could easily copy every database, client & employee name, address, email addresses, credit card numbers etc. without anyone knowing. Or am I wrong as to how this works?

Just wondering!

Old Pedant
03-14-2013, 09:35 PM
You are assuming that the database managers are idiots.

Yes, if they don't have any protections, what you say is possible.

But normally the DBA would restrict logins to the database to *ONLY* IP addresses within the company. So once an employee is kicked out the door, he can't connect to the DB because any IP address he uses won't be on the company inTRAnet.

Similarly, most companies restrict outgoing messages to only the usual ports: 25 and 110 for email, 80 for browser HTTP, and possibly a few more. So even if you are on the inside, still, you wouldn't be able to open an outgoing connection to a remote MySQL server (well, unless you could configure it to use port 80???). But if the disgruntled employee is still on the inside, what's to prevent him/her from simply attaching a USB thumb drive to his/her computer and dumping the data to there and walking out with it? There's probably no really effective way to prevent such theft.

But once the employee is kicked out? A different matter.
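
The login restriction described in the reply above, sketched as MySQL statements. This is an added example, not part of the original thread; the account name, the 10.20.0.0/16 intranet range, the `customers_dev` database and the password placeholder are assumptions.

```sql
-- Constructed example: account name, address range, database name and
-- password placeholder are assumptions, not values from the thread.

-- 1. Audit: find accounts that can log in from any address.
--    A host of '%' means the server accepts that user from anywhere,
--    including from outside the company network.
SELECT user, host
FROM mysql.user
WHERE host = '%' OR host = '';

-- 2. Create the developer account bound to the intranet range only.
--    The netmask form matches client IP addresses, never host names.
CREATE USER 'dev_alice'@'10.20.0.0/255.255.0.0'
    IDENTIFIED BY '<strong-password-placeholder>';

-- 3. Grant access to the developer copy only. With no privilege on the
--    production schema, a mysqldump of it fails for this account.
GRANT SELECT, INSERT, UPDATE, DELETE
    ON customers_dev.*
    TO 'dev_alice'@'10.20.0.0/255.255.0.0';

-- 4. Verify what the account can actually do.
SHOW GRANTS FOR 'dev_alice'@'10.20.0.0/255.255.0.0';

-- 5. Offboarding: lock the account the moment the employee leaves instead
--    of waiting for paperwork. Locking blocks new logins only; sessions
--    that are already open continue until they end or are killed.
ALTER USER 'dev_alice'@'10.20.0.0/255.255.0.0' ACCOUNT LOCK;

-- 6. Look for sessions the locked account still has open.
SELECT id, user, host, db, time
FROM information_schema.processlist
WHERE user = 'dev_alice';
-- Then end each one with: KILL <id from the query above>;
```

The host restriction only covers connections to the database server; as the reply notes, it does nothing about data copied to removable media by someone still inside the network.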