On 3/7/2016 9:43 AM, Stephen Russell wrote:
When they open the employee table and can read an SSN is when it gets shaky.
Or open the customer table and make a copy for themselves as they walk off to a new job.
Or use their smart phone to take a picture of the screen full of sensitive personal data, or company proprietary information. ROFLTIPMP
I used to worry about this a little. But then I saw just how easily any employee that has rights to use an application can compromise data of that application. And it has nothing to do with the underlying technology. Generally speaking, a directed employee attack will succeed to varying degrees of success. "Outside" attacks are the real danger, but are also the most easily blocked (unless of course you're developing browser-based applications.... hahahaha)
Now, of course if you're talking about "direct access" to a database from "anywhere" then, yeah, that's a worry. But then, even all DB servers have security problems (aka SQL Injection etc).
I've found a VFP database on a network share, with managed user access rights, has been quite secure. Sure, if some user is granted rights that they shouldn't have, problems are possible. But then that's a failure of network security processes.
Some things like segregating data inside an application are definitely easier out of the box for DB servers, but I accomplished the same thing in VFP apps by using subfolders <shrug>.
But hey, go ahead and think you're secure just because you're using SQL Server or Oracle... or PostgreSQL... Nowadays technology folks aren't so much about truth as they are about money and lying enough to themselves to sleep at night.
-Charlie