We had tough weeks after we were not able to explain to CEO that we are doing exactly the samething that he wants and much better.
But today atlast all aspects of safety had been covered :).
User SQL injection: simply by using the available mechanism of DBI.
Developers mistake: now we can say we were able to eliminate it completely:
- roles ( standard way)
- save every single change in audit schema ( implemented by team)
- preventing any SQL command to change more than one row at all ( implemented by team:) )
Hardware/DB data corruption:
- in this level we really detect any change in data cause even by something like bad sectors. This will trigger a shutdown in system what company CEO was looking for and never let us to explain were it is.
This way we have covered all possibilities of data manipulation in any way. We have our strong safe now and we can now move on to other parts of the code that are more visible to CEO and other judges.
It is really frustrating when the one who is judging you does not let you expalin how you are doing exactly the samething that he wants and much more complete.
But atlast it was a very good experience.