database security

SQLServerCentral is supported by Red Gate Software Ltd.

Popular Topics

Home

Members

Calendar

Who's On

Home » SQL Server 2008 » SQL Server 2008 - General » database security

database security

Rate Topic

Display Mode

Topic Options

Author

Message

IT researcher

Posted Thursday, February 21, 2013 2:28 AM

SSC-Enthusiastic

Group: General Forum Members
Last Login: Today @ 7:59 AM
Points: 182, Visits: 940

I am developing an application which uses sql server express.so there are so many database which need to have security.So any customer who installs our application will get those database in his PC.So he can see the data present the database. So how can i make it safer so that data present in the database will not be seen to anyone.

Post #1422453

sturner

Posted Thursday, February 21, 2013 6:16 AM

Ten Centuries

Group: General Forum Members
Last Login: Friday, May 17, 2013 11:27 AM
Points: 1,314, Visits: 2,882

Once your data is on someone's computer your data is no longer protected from others.

I would recommend encrypting the important data items and develop a key management scheme that would make it very hard for someone to see your data without expending lots of effort in trying to crack your encryption key(s).

The probability of survival is inversely proportional to the angle of arrival.

Post #1422530

IT researcher

Posted Saturday, February 23, 2013 4:32 AM

SSC-Enthusiastic

Group: General Forum Members
Last Login: Today @ 7:59 AM
Points: 182, Visits: 940

Which is the best method by which i can do encryption?

Post #1423340

IT researcher

Posted Thursday, February 28, 2013 12:13 AM

SSC-Enthusiastic

Group: General Forum Members
Last Login: Today @ 7:59 AM
Points: 182, Visits: 940

Anyone plz reply me

Post #1424929

Vedran Kesegic

Posted Thursday, February 28, 2013 3:25 AM

Old Hand

Group: General Forum Members
Last Login: Thursday, May 16, 2013 8:08 AM
Points: 342, Visits: 1,072

It's a complex topic.
Encrypt values of sensitive columns with symmetric-key encryption (cell-level encryption).
Use Transparent Database Encryption to encrypt files (data files, log files, and backup files).
Additionally, you could use "WITH ENCRIPTION" on your code (procedures, functions, views, triggers) so the source code is not easily visible.
Permissions should be tight (minimal), also.

_____________________________________________________
XDetails Addin - for SQL Developers and DBA
blog.sqlxdetails.com - Transaction log myths - debunked!

Post #1424969

GilaMonster

Posted Thursday, February 28, 2013 3:28 AM

SSC-Dedicated

Group: General Forum Members
Last Login: Today @ 11:12 AM
Points: 37,665, Visits: 29,917

However bear in mind that anyone who is an administrator on the machine that runs SQL can remove the TDE and decrypt any column encrypted by key or cert and that procedures created WITH ENCRYPTION can be 'decrypted' in less than 5 min, it's not encryption, it's obfuscation.

If you put the DB onto someone's machine, that person has full control and you cannot prevent that.

Encrypt in the app if you need to ensure that the administrators of the server where the DB sits must not have access to the data. Of course then you have the fun of securing the keys, which is not a trivial exercise.

Gail Shaw
Microsoft Certified Master: SQL Server 2008, MVP
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

We walk in the dark places no others will enter
We stand on the bridge and no one may pass

Post #1424971

« Prev Topic | Next Topic »

Permissions