Hiding sensitive data from myself...

[johnpienaar]

Hi
I am currently working on an appplication (ASP.Net front end, with SQL Server 2000 DB). the problem I have is that I need to pull in the companies salary information , which includes employee numbers and names.

How would I go about locking myself out of this information, given that I am the developer and therefore have full access to the DB- would I need to use encryption and windows authentication, or is there a better way to deal with this?

Any suggestions would be much appreciated.

John

 

[fredericofonseca]

First rule of development
NEVER, NEVER, NEVER develop over the production server.

Second rule of development
ALWAYS, ALWAYS, ALWAYS mangle the names and addresses of production data when using this data on a development/testing server.


So your solution is.

1- Copy your production data into a development/testing server.
2- Run SQL scripts to update all information that could lead to some report being sent based on test data. e.g. names, addresses, phone numbers.
This should be done on a table per table, on all relevant fields. Obviously that on your case if you are developing a salary package then you might not be able to alter the salaries (as this could give you wrong results), but even these would normally be changed.


Keep the SQL scripts handy for future developments.


As an apart make sure you have clearance from both HR and your top managers regarding accessing real salary data. This area is always a can of worms.


Regards

Frederico Fonseca
SysSoft Integrated Ltd

http://www.syssoft-int.com

 

[johnpienaar]

Thanks for the reply Frederico- I don't think I posted the first post clearly- you mention the following:

"As an apart make sure you have clearance from both HR and your top managers regarding accessing real salary data. This area is always a can of worms."

My problem is exactly this- management do not want me accessing any salaries data at all, but the application requires that the managers have access to this information through the front end.

So, basically, the sensitive salaries data (which I should not be able to view) will be stored in the SQL database. I need to be able to store this data in such a way that I cannot access the table or view the data in any way, but yet give access via the front-end to the relevant managers...

I'm not sure how to approach this.

 

[chrissie1]

Let the manager write the front-end. How do they you are going to ride the car if you can't get in it. Or do as frederico says. Create a test environment and mangle the data a bit. of course they have to realize that if you are the one that is the dba then you are bound to see the salaries one way or the other. If they are really that paranoid well then...

Christiaan Baes
Belgium

"My new site" - Me

 

[FatalExceptionError]

Sounds to me like management is paranoid they are not paying you enough money to keep secret this data.

Tell them to give you a hefty raise to instill confidence in you accessing this sensitive data. Otherwise how else can you develope and test this stuff. The only way I see it happening is if they copy live data, scramble it and send it to you to put in a test server.


=======================================
The statement below is true
The statement above is false

There are 10 kinds of people, those who know binary and those who don't

 

[SQLBill]

As part of the development process, you could have told them you will need sample data. For example: so that I can develop and test the application without seeing the actual data, I will need 1000 rows of sample data. The data must be in the same format as it appears in the database.

I developed a database and front-end strictly using sample data. Once I made that work, I showed the users how to use it, put it in production and let them enter the valid data into the database. In your case, you could get the schema of the database, create an empty database from that schema, populate it with sample data and create your front-end. Then show them how it works and turn it over to production.

-SQLBill

Posting advice: FAQ481-4875

 

[chrissie1]

We over here ,Forensic investigations part of the justice departement, just let them sign a confidentiality thing and that is it. If you don't trust them then don't let them work for you. And if they leak information they go to jail or worse (they come and work fulltime for us). Simple.

Christiaan Baes
Belgium

"My new site" - Me

 

[SQLSister]

Or you could encrypt the data on data entry and decrypt in the application where people can see the data. This will affect speed but no one will be able to directly read the data from the database including anyone who might steal your data from the database or from backup tapes as has happened in many instances with credit card numbers. You will also have to encrypt existing data. If you have that level of protection people shoul also be forbidden to take dat or reports home (see VA for example of what this can cause) or to convert data to Excel or any format other than on the screen or required and clearly defined paperwork which need manual security controls such as locked file cabinets in locked offices. All people with access should have signed a confidentialty agreement with it clearlly stated that failure to keep the data securely will result in termination. All this is a pain which is why few companies encrypt the data that should be encrypted.

Questions about posting. See faq183-874
Click here to help with Hurricane Relief