[plug] preventing data "theft"

Carl Gherardi carl.gherardi at gmail.com
Mon Dec 11 17:42:33 WST 2006


> Principal researcher also wants to make data available for analysis by
> others who have accounts on the server but without any possibility of the
> data leaving the server - assistants should not be able to copy the
> data.   Some of those assistants are physically off site so no means of
> verifying their compliance.

That's not an easy problem to solve.

Agree with Mike H on sgid, it will work - but if the users can't be
trusted and the application almost certainly can't be trusted then
leakage will occur.

Creating a chroot jail for data/application/user might work with some thought.

I've seen Citrix used as an isolation solution - providing terminal
access to an application, so you can use the program as normal but
there is no data transfer ability between Citrix server and client
(except printscreen).

Banking solutions are pretty close to what you want. I've not worked
with that level of user security but from what I've seen in most
banks, they work using 'dumbish' terminals with no drives and
extremely limited Internet access (if any) along with strict DB access
control and I imagine some hardcore traceability for user/terminal use.

We must have an admin on the list who works with hostile users and
sensitive data like a bank.

Carl G


