[Info-vax] VSI OpenVMS Hobbyist Program Announced.
Arne Vajhøj
arne at vajhoej.dk
Sat Jul 13 00:30:04 EDT 2019
On 6/19/2019 8:11 PM, Dave Froble wrote:
> On 6/19/2019 7:44 PM, Arne Vajhøj wrote:
>> On 6/19/2019 12:15 PM, Dave Froble wrote:
>>> On 6/19/2019 8:28 AM, Simon Clubley wrote:
>>>> On 2019-06-18, Arne Vajhøj <arne at vajhoej.dk> wrote:
>>>>> If you try look at how application servers access database servers,
>>>>> then you will find that unencrypted is still very common.
>>>>>
>>>>
>>>> Are you sure ?
>>>>
>>>> What is the point of going to the effort of encrypting data at rest if
>>>> you are then going to let it fly around unencrypted within a machine
>>>> room's network ?
>>>>
>>>> Why do you trust the machine room network more than the rest of the
>>>> organisation's network ?
>>>>
>>>> IOW, is trusting the machine room's network more than the rest of the
>>>> network giving people a sense of false security ? One single compromise
>>>> of a machine on that network and _everything_ on that network is
>>>> potentially compromised.
>>>
>>> Your worship of security just may not be universally practiced? Don't
>>> blame me, I think it's important. But I know there are those who may
>>> not feel so strongly.
>>
>> Almost everybody considers security very important.
>
> "Almost" ???
>
> On a scale of 0-100, where does "almost" fall?
My guess 95+%.
> Consider not making unsupported statements or guesses.
Only saying what can be proven would reduce the debate
quite a bit.
>> But there are different approaches to security.
>
> I'm out here in the real world, and my experience is that "most"
> customers do not want to talk about "security". Just what I see. You
> want my opinion, they are wrong. But remember the two rules about
> customers.
I don't know your customers.
But I would be very surprised if they don't care some about security.
Do they have SYSTEM as password to SYSTEM?
But their knowledge about modern security threats, their
risk evaluation and their prioritization may do that they
end up with what many will consider a low security level.
Arne
More information about the Info-vax
mailing list