[OT] Help: stories of database security and privacy
Hi folks,
in a few weeks I'll start a short course on the basics of database
security for a group of high-school students with a background in
elementary relational theory and SQL. I plan to explain the usage of
grant/revoke, RBAC, DAC, and inference in statistical databases.
I'd like to take the opportunity to also engage students about the topic
of privacy (or lack thereof). So, I am here to ask if you have
interesting/(in)famous stories to share on database security/privacy
"gone wrong" or "done right"(tm), possibly with technical details (not
necessarily to share with the students, but for me to understand the
problems). I am asking this list because I will use PostgreSQL, so
maybe I can collect ideas that I can implement or demonstrate in
practice.
Thanks in advance,
Life.
--
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
On Tue, Apr 11, 2017 at 21:48:58 +0200,
Lifepillar <lifepillar@lifepillar.me> wrote:
> I'd like to take the opportunity to also engage students about the topic
> of privacy (or lack thereof). So, I am here to ask if you have
> interesting/(in)famous stories to share on database security/privacy
> "gone wrong" or "done right"(tm), possibly with technical details (not
> necessarily to share with the students, but for me to understand the
> problems). I am asking this list because I will use PostgreSQL, so
> maybe I can collect ideas that I can implement or demonstrate in
> practice.
"Translucent Databases" has some interesting ideas about providing privacy
by operating directly on encrypted data (without decrypting it) so that
information is kept private even from the database. There are major
limitations on what you can do, but there may be some cases where the
techniques can be used.
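One simple instance of the idea mentioned in the reply above, as an added example that is not part of the thread and not taken from the book: the table stores only a keyed one-way token in place of a name, so exact-match lookups still work while the stored rows reveal no identities. The table, columns, key and sample rows are constructed for illustration, and the pgcrypto extension is assumed to be installed; the HMAC is computed in SQL here only so it is visible in a classroom, whereas a real client would compute it itself so the key never reaches the server.

```sql
-- Added classroom example; all names, the key and the rows are hypothetical.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

-- The table never stores the patient's name, only a keyed one-way token.
CREATE TABLE visit (
    patient_token bytea NOT NULL,   -- HMAC-SHA256(name, client-held key)
    visit_date    date  NOT NULL,
    ward          text  NOT NULL
);
CREATE INDEX visit_token_idx ON visit (patient_token);

-- Constructed sample data.
INSERT INTO visit (patient_token, visit_date, ward) VALUES
    (hmac('alice rossi', 'demo-client-key', 'sha256'), DATE '2017-03-02', 'cardiology'),
    (hmac('bob bianchi', 'demo-client-key', 'sha256'), DATE '2017-03-05', 'oncology'),
    (hmac('alice rossi', 'demo-client-key', 'sha256'), DATE '2017-04-01', 'cardiology');

-- What anyone reading the table sees: opaque tokens, no names.
SELECT encode(patient_token, 'hex') AS token, visit_date, ward
FROM visit;

-- A client that knows both the name and the key can still do equality lookups.
SELECT visit_date, ward
FROM visit
WHERE patient_token = hmac('alice rossi', 'demo-client-key', 'sha256');

-- The limitation: only exact match and grouping on the token work.
-- LIKE, ORDER BY name, or recovering the name from the token are not possible.
SELECT encode(patient_token, 'hex') AS token, count(*) AS visits
FROM visit
GROUP BY patient_token;

-- Weak variant for comparison: an unkeyed hash of a guessable value gives
-- no privacy, because anyone with a list of candidate names can match it.
SELECT candidate
FROM (VALUES ('alice rossi'), ('bob bianchi'), ('carla verdi')) AS guess(candidate)
WHERE digest(candidate, 'sha256') = digest('bob bianchi', 'sha256');
```

The `ward` column is left in clear text on purpose: combined with the per-token visit counts it is a small starting point for the inference discussion planned for the course.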