I ran into an old friend at the
The Big Problem
After a bit of reminiscing, Bing said to me in his big, animated, booming voice "Scott! Our bank has a very big problem! I mean, it's a huge problem!" I raised my eyebrows as if to urge him to continue. Bing continued, "Our management would pay truck loads of cash for a solution to this problem! Big trucks! Tractor Trailer trucks!"
I started thinking about how much all that cash might weigh and where I could hide it. So I took the bait and asked, "Okay, so what's this problem?"
Web Server Connection Pooling Masks User Identities
Bing replied with continued exclamation "Websphere! Websphere web users! Connection Pooling! We have no idea what our Websphere users are doing inside of our corporate databases! There's no accountability and everyone from the
"Ah yes," I said. "Web servers like Websphere, WebLogic, JBOSS, Sun J2EE, and Tomcat all mask the identities of end users thanks to connection pooling using a single userid."
Anonymous Users > No Accountability > Vulnerability
Bing nodded and added "And we have no (explitives omitted) idea who is doing what to our corporate data and the SOX Compliance people are stressed!"
"And you'll send me a tractor trailer truckload of cash if I can help your bank accurately determine who is doing what, when, and from where, so that accountability is restored and anarchy is avoided?" I asked with a hopeful look.
"Absolutely! But, it's impossible to solve, you can't do it, so don't start spending the money just yet!" he exclaimed with a wry grin.
I frowned with disappointment but was intrigued by the challenge. "What else do you need help with?" I asked.
"Auditing. Login failures. Tracking and controlling security changes. Tracking object maintenance. Tracking SYSADM and other power user activities. And the data can't be updated - it needs to be hardened for the auditors" Bing bemoaned.
"Would you like a Coke and fries with that solution?" I asked with a grin.
Well, that was about five months ago. We've been working very hard at DBI (I know I haven't blogged as often as I'd like) ever since. We want to help organizations achieve greater performance and accountability. We want to help prevent identity theft. We want to help with SOX Compliance. We're on a mission. We want all corporate data users to be accountable.
I am very pleased to announce that on
Until next time,