And if everything rests on one single field that can change spontaneously and you don’t even keep a list of operations to check whether the amount in this field corresponds to the sum of all operations , then, of course, such a system is not protected in any way.
And not even from a villain , but from a simple software failure is not protected.
1. Checksums. You will see it when changes are made. Naturally, the admin should not have access to the checksum calculation algorithm.
2. Contract on paper. Will be responsible for the consequences.
3. Encrypted database. That is, he administers its files, but cannot administer the contents.
4. Logs with all operations of receipt and expenditure of money from the account where the balance is maintained are stored separately and are checked from time to time with the balance of the balance. Should always converge.
5. Printing the balance (this is such a very, very compact table) and saving them in a place inaccessible to the admin. This is a balance passing from date to date, that is, it is impossible to adjust so that it is not visible. If he reduces the balance in one place, then he must add in another - so that the result is preserved. How to make it visible that a person has corrected the balance in this other place is not a technical question.
Known in Europe since the 15th century.
And in America - even earlier, even the Incas knew.
For example, you can’t take money from the cashier, because the cashier will detect and snitch on you (if the cashier doesn’t do this, the shortage will be blamed on the cashier).
If you took money from the cash register and changed the cash report so that the cashier did not notice this, then the balance of other accounts will change.
7. I even met in practice when the admin was not allowed to physically approach the server. And there was no internet on the server.
He sat at the opposite end of the room and told the person (confidant) - which files to copy where, etc.