How do I create a web application where I do not have access to the data?
Premise: The requirements for an upcoming project include the fact that no one except for authorized users has access to certain data. This is usually fine, but this circumstance is not usual. The requirements state that there be no way for even the programmer or any other IT employee to be able to access this information. (They want me to store it without being able to see it, ever.)
In all of the scenarios I've come up with, I can always find a way to access the data. Let me describe some of them.
Scenario I: Restrict the table on the live database so that only the SQL Admin can access it directly. Hack 1: I roll out a change that sends the data to a different table for later viewing. Also, the SQL Admin can see the data, which breaks the requirement.
So, Scenario III looks promising, but it's cumbersome for the users. Are there any other possibilities that I may be overlooking?
Aren't these problems usually solved via controls:
- All programmers need a certain level of clearance and background checks
- They are trained to understand that rolling out code to access the data is a fireable or worse offense
- Every change in certain areas needs some kind of signoff
If you are allowed to add any code you want, then there's always a way, IMO.