Saturday, 04 June 2022
  9 Replies
  754 Visits
0
Votes
Undo
  Subscribe

Hi.

Adding password management, as well as data protection, is a really good thing.

The problem is that access to the database itself is not protected at all. The data itself is not encrypted into the database file. Thus, it is easy and simple to bypass the access. (like as instance, a software named DB-Browser for sqlite).

If I understand correctly and am not mistaken, due to the GDPR, our organization is asking to the elders and those who work with them, whether they are other elders, ministerial assistants, or brothers (in training), to keep our data local and well protected. This is not the case because password access gives the illusion that the data is actually protected.

This is not a criticism, just to bring up this issue. There are many ways to do it well, and certainly some I don't know about. But please help us to better protect our data access.

Best regards.

2 months ago
·
#9379
0
Votes
Undo

OK, I know one of the team, I'll refer them to your post, and if they are OK with that, we'll find a way of getting you people in touch. Then you can decide what is possible or not.


https://www.theocbase.net/support-forum/post/1097-donations.html

For accessing the database my personal preference is http://sqlitebrowser.org/

For editing templates I now use https://code.visualstudio.com/ 

 


2 months ago
·
#9378
0
Votes
Undo

I don't understand most of what you are saying ;-D, but I take that as a No

Not necessarily. I've made a basic list of my skills, in reality I don't know how I can help. Who understands my skills, may know if I can be useful. (1 Cor. 14:40) ;-)

 

2 months ago
·
#9377
0
Votes
Undo

I don't understand most of what you are saying ;-D, but I take that as a No


https://www.theocbase.net/support-forum/post/1097-donations.html

For accessing the database my personal preference is http://sqlitebrowser.org/

For editing templates I now use https://code.visualstudio.com/ 

 


2 months ago
·
#9376
0
Votes
Undo

I know the team are always looking for code writers. Something for you?

As you can read|see on my website, I have coded, a long time ago, in PHP; and I have always liked this language; I have also done python, another approach that I like. And, I still practice regularly creating shell scripts (ksh, bash, if possible POSIX compliant). But always self-taught and solo, I never worked in a team.

I had a Java-PL/SQL developer training, in 2012. I have never practiced professionally, and I don't like this language. I have done some SQL (MySQL, MariaDB mainly), but it is not my favorite, too. If I had to do, I did, but without "true love". And it's been a long time since I've made…

Voila! :D

2 months ago
·
#9374
0
Votes
Undo

I know the team are always looking for code writers. Something for you?


https://www.theocbase.net/support-forum/post/1097-donations.html

For accessing the database my personal preference is http://sqlitebrowser.org/

For editing templates I now use https://code.visualstudio.com/ 

 


2 months ago
·
#9372
0
Votes
Undo

If you keep the database only local, the only way to really protect it, is the protection of the system the database is on. The password protection is false security if you do not encrypt the database. I tried it, but the option is greyed out...

Maybe this post wasn't about GDPR, but since you brought it up... TB has a functionality to share data in the cloud. Cloud will not have a copy of the database though: phone numbers and (email) addresses are not shared in the cloud, exactly because of GDPR. Put differently: if you would be sharing TB data in the cloud to sync between computers, you'd have to enter those details separately into each computer. 

That said: whether or not to use Dropbox for TB data, is still (very) open for discussion.

I agree with you when you said/wrote about password protection. This reassures men, who are not aware of the dangers associated with IT. As an ex-IT professional, when I saw sqlite, which is very good for small IT projects like theocbase, I wondered if the information in the database was encrypted or not. If not, and it is the case, they are not, then in fact the management by password is all the more illusory ;-)

Encrypting the data can be done before sending the data into the database, as since sqlite has internal encryption algorithms or as modules, can be done internally to the database.

Personally, I use it under Linux. My home is encrypted. Turned off or without my session password, impossible to access data.

Another way of protection is to use an encrypted container, opened before using TB, which contains at least the base, cf software like ex-truecrypt, veracrypt and others.

Another way to share such data between several computer media is the use of software such as syncthing, as well as exit the cloud ;-)
In IT, there is always the possibility to do things differently.

PS: I would test, to see, if from the binary for Linux, I can make it work under OpenBSD :p

2 months ago
·
#9371
0
Votes
Undo

If you keep the database only local, the only way to really protect it, is the protection of the system the database is on. The password protection is false security if you do not encrypt the database. I tried it, but the option is greyed out...

Maybe this post wasn't about GDPR, but since you brought it up... TB has a functionality to share data in the cloud. Cloud will not have a copy of the database though: phone numbers and (email) addresses are not shared in the cloud, exactly because of GDPR. Put differently: if you would be sharing TB data in the cloud to sync between computers, you'd have to enter those details separately into each computer. 

That said: whether or not to use Dropbox for TB data, is still (very) open for discussion.


https://www.theocbase.net/support-forum/post/1097-donations.html

For accessing the database my personal preference is http://sqlitebrowser.org/

For editing templates I now use https://code.visualstudio.com/ 

 


2 months ago
·
#9370
0
Votes
Undo

In fact, with the GDPR, we cant send datas on cloud, if you keep personals informations like telephone or mails. Our organisation, apparently, "said": dont publish those personals datas on cloud or web systems.

But this post is not about GPDR compliant, it's about to protect correctly the datas. ;-)

It's up to you!

2 months ago
·
#9369
0
Votes
Undo

I have ofthen told this to users who shut themselves out of their databases: don't use the password function. It can easily be reset. Honestly though, I have never dared to test what happens if you also decide to encrypt the database.

GDPR may have an effect on your decision to use the cloud function (dropbox) or not, regardless of the database security.


https://www.theocbase.net/support-forum/post/1097-donations.html

For accessing the database my personal preference is http://sqlitebrowser.org/

For editing templates I now use https://code.visualstudio.com/ 

 


  • Page :
  • 1
There are no replies made for this post yet.
Be one of the first to reply to this post!