Win / TheDonald
Communities Topics
Sign In
Hot
All Posts
Settings
Win uses cookies, which are essential for the site to function. We don't want your data, nor do we share it with anyone. I accept.
DEFAULT COMMUNITIES All General AskWin Funny Technology Animals Sports Gaming DIY Health Positive Privacy
TheDonald America First!
hot new rising top

Sign In or Create an Account

Reason: None provided.

u/aconcernedtroll is right. What is actually necessary for normal operation is "SQL Server Runtime" but what was discovered on the machine was a full "SQL Management Studio" that has, among many other things, the ability to issue ad-hoc statements or edits that change the database. Whether I can do this anyway depends on whether I have a laptop with Studio installed and simply connect it to the machine anyway.

Their 'test' seemed to prove that ad-hoc statements or edits to convincingly patch the database to generate the observed tape results is possible. This may be intricate but is trivial really, no less trivial than if the machine has Phillips screws and there is a screwdriver on the table you'd say "I could take the cover off."

So far this is definitely a violation of best practice. Whether it is a violation of certification depends on the quality of the certification documents. Which leads into the real question, is there a way to 'prove' whether the management console was used in the manner described for the 'test'? MS offers a possibility of this one might look for on an untouched forensic copy but no clear feature. On critical systems detail logging must be deliberately coded (and you'd have to trust Dominion to provide it).

5 days ago
1 score
Reason: Original

u/aconcernedtroll is right. What is actually necessary for normal operation is "SQL Server Runtime" but what was discovered on the machine was a full "SQL Management Studio" that has, among many other things, the ability to issue ad-hoc statements that change the database. Whether I can do this anyway depends on whether I have a laptop with Studio installed and simply connect it to the machine anyway.

Their 'test' seemed to prove that ad-hoc statements to convincingly patch the database to generate the observed tape results is possible. This may be intricate but is trivial really, no less trivial than if the machine has Phillips screws and there is a screwdriver on the table you'd say "I could take the cover off."

So far this is definitely a violation of best practice. Whether it is a violation of certification depends on the quality of the certification documents. Which leads into the real question, is there a way to 'prove' whether the management console was used in the manner described for the 'test'? MS offers a possibility of this one might look for on an untouched forensic copy but no clear feature. On critical systems detail logging must be deliberately coded (and you'd have to trust Dominion to provide it).

5 days ago
1 score