[plug] preventing data "theft"

Cameron Patrick cameron at patrick.wattle.id.au
Mon Dec 11 17:44:18 WST 2006


Denis Brown wrote:

> conceivably copy files.   I cannot NOT set them for read permissions 
> because the data DOES need to be read by the statistics suites.

Most statistics packages allow you to export data sets.  Even if not,
convincing the stats package to dump core (e.g. by sending it SIGQUIT)
will result in a memory image that data could be extracted from.

You will have to very carefully restrict what inputs people give to the
statistical software.  Perhaps set up a wrapper script that makes sure
that all inputs are kosher, calls the stats package, and makes the
output available somewhere that the researcher can read; then use sudo
to allow users to call the wrapper.

Cameron




More information about the plug mailing list