InstantForum.NET v2.9.0SQLServerCentralhttp://www.sqlservercentral.com/Forums/notifications@sqlservercentral.comWed, 22 May 2013 03:43:45 GMT20http://www.sqlservercentral.com/Forums/Topic307543-119-1.aspx<P>What's so precious about your data that you don't want the user (i.e. the owner) to access it through anything but you interface? I wouldn't buy a software product if I couldn't have access to the data directly.</P><P>Steve B.</P>Tue, 12 Sep 2006 15:11:00 GMTsteve blockhttp://www.sqlservercentral.com/Forums/Topic307543-119-1.aspx<P>Remove builtin\Administrators from the sysadmin role. Make sure that you have another admin account before you do that. Make sure that the sa login has a strong password.</P><P>It won't stop him from copying the data files off, but there's no way to stop a system administrator from doing that. Speak to the client's system administrators about securing the server.</P><P>That's about the best you can do if you don't have control over the infrastructure and the server.</P><P> </P>Tue, 12 Sep 2006 09:21:00 GMTGilaMonsterhttp://www.sqlservercentral.com/Forums/Topic307543-119-1.aspx<P>Let me point out the problem from a different angle.</P><P>I have developed an application using SQL Server 2000 as the backend. When I implement the same at a client's location, he has complete access to the database. What I want to achieve is that, the database can only be accessed from my application with only my password. The client would have admin access to the server, but he is not supposed to touch the database directly.</P>Tue, 12 Sep 2006 09:14:00 GMTMathew Danielhttp://www.sqlservercentral.com/Forums/Topic307543-119-1.aspx<P><EM>It is possible for anybody to copy the mdf and ldf files of a database, copy it on another machine and have complete access over it</EM></P><P>If users have access to the server such that they can shut SQL down and copy the database files off, then you have a far bigger problem than database security.</P><P>How to overcome it is simple. Secure the server. Ensure that only those who need access to the server (probably just the server admins) have access.</P>Tue, 12 Sep 2006 02:36:00 GMTGilaMonsterhttp://www.sqlservercentral.com/Forums/Topic307543-119-1.aspxLot of issues of security have been discussed in the past. But a trivial problem of security baffles me.It is possible for anybody to copy the mdf and ldf files of a database, copy it on another machine and have complete access over it, if he has admin rights. How is it possible to overcome this security problem. What I need is once the database is created with a user on a particular machine, the access must be restricted to that user only and not even to sa. Is this kind of security possible in SQL Server 2000Mon, 11 Sep 2006 01:49:00 GMTMathew Daniel