Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

Database Password Protected Expand / Collapse
Author
Message
Posted Saturday, September 7, 2013 2:45 AM
SSC Journeyman

SSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC Journeyman

Group: General Forum Members
Last Login: Tuesday, May 6, 2014 12:05 AM
Points: 99, Visits: 304
Hello ,

please can u tell me
how to make my sqlserver 2005 database password protected.
i make a database and i want to make a password protected.

Thanks For the help
Post #1492485
Posted Saturday, September 7, 2013 4:39 AM


SSC-Forever

SSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-Forever

Group: General Forum Members
Last Login: Today @ 1:36 AM
Points: 42,488, Visits: 35,556
There's no way to password protect a database, passwords are used on logins to SQL Server, if someone has a valid login, they can then see any databases they've been given permissions to access.


Gail Shaw
Microsoft Certified Master: SQL Server 2008, MVP
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

We walk in the dark places no others will enter
We stand on the bridge and no one may pass

Post #1492497
Posted Saturday, September 7, 2013 4:43 AM
SSC Journeyman

SSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC Journeyman

Group: General Forum Members
Last Login: Tuesday, May 6, 2014 12:05 AM
Points: 99, Visits: 304

thanks for the suggestion
is there any way to protect your table or your stored procedures ?
Post #1492498
Posted Saturday, September 7, 2013 5:19 AM


SSC-Forever

SSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-Forever

Group: General Forum Members
Last Login: Today @ 1:36 AM
Points: 42,488, Visits: 35,556
Minimum permissions on logins, don't give everyone sa.


Gail Shaw
Microsoft Certified Master: SQL Server 2008, MVP
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

We walk in the dark places no others will enter
We stand on the bridge and no one may pass

Post #1492502
Posted Saturday, September 7, 2013 5:26 AM
SSC Journeyman

SSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC Journeyman

Group: General Forum Members
Last Login: Tuesday, May 6, 2014 12:05 AM
Points: 99, Visits: 304
ok but is only sa user name and password is enough protected by hackers.
means can any one hack my sa password
Post #1492504
Posted Saturday, September 7, 2013 5:58 AM


SSC-Forever

SSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-Forever

Group: General Forum Members
Last Login: Today @ 1:36 AM
Points: 42,488, Visits: 35,556
Don't use sa. Use specific accounts for specific users with minimal permissions. Strong passwords or preferably windows authentication.


Gail Shaw
Microsoft Certified Master: SQL Server 2008, MVP
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

We walk in the dark places no others will enter
We stand on the bridge and no one may pass

Post #1492513
Posted Thursday, December 5, 2013 9:22 AM
SSC Eights!

SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!

Group: General Forum Members
Last Login: 2 days ago @ 8:10 AM
Points: 861, Visits: 2,360
And by strong, we don't mean 8 characters long.

At least 15 truly random characters is a good start.

Minimum permissions at the finest are column based permissions; if that's too difficult, table based, and if that's too difficult, schema based, and so on. Do not allow sysadmin, do not allow db_owner, do not allow securityadmin, etc. Don't give permissions that aren't actually used and needed. Don't be afraid to use DENY as well.

Keep your antivirus up to date and running (exclude data, log, and backup files), keep SQL Server patched (at least all security patches), keep Windows patched (at least all security patches), etc.

If you want to protect your data in the database, even from DBA's, you can code your application to encrypt the data. Do not write your own encryption.

If you want to protect passwords in the database, use PBKDF2, bcrypt, scrypt, or similar, with large numbers of iterations (thousands to hundreds of thousands). See http://stackoverflow.com/questions/7837547/is-there-a-sql-implementation-of-pbkdf2/12291671#12291671

If you want to protect your data in transit, turn on SSL (load a certification and turn on "Force Encryption" in SQL Server Configuration).

If you want to protect your data in files, you can use TDE (Transparent Data Encryption) in Enterprise edition, or Truecrypt, or other disk/volume level encryption software.

Note that encryption is very hard to do right - the slightest detail can be a real problem that's nearly impossible to find.
Post #1520178
Posted Thursday, December 5, 2013 10:51 AM
Hall of Fame

Hall of FameHall of FameHall of FameHall of FameHall of FameHall of FameHall of FameHall of FameHall of Fame

Group: General Forum Members
Last Login: Today @ 5:45 AM
Points: 3,993, Visits: 3,014
GilaMonster (9/7/2013)
Don't use sa. Use specific accounts for specific users with minimal permissions. Strong passwords or preferably windows authentication.

+1. In fact, just disable the sa login completely. If you have Windows logins that are members of the sysadmin group, you'll have access.



Tally Tables - Performance Personified
String Splitting with True Performance
Best practices on how to ask questions
Post #1520242
Posted Friday, January 10, 2014 6:25 PM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Friday, February 7, 2014 4:19 PM
Points: 5, Visits: 5
GilaMonster (9/7/2013)
There's no way to password protect a database, passwordsdandp qualities of a leader D&P DNP android programming language are used on logins to SQL Server, if someone has a valid login, they can then see any databases they've been given permissions to access.

nice suggestion


customer service skills list hr source consulting human resources internships project proposal template superior staffing
Post #1530008
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse