Security of the database
Posted Monday, September 11, 2006 1:49 AM
A lot of security issues have been discussed in the past. But a trivial problem of security baffles me.

It is possible for anybody to copy the mdf and ldf files of a database, copy them onto another machine and have complete access over it, if he has admin rights. How is it possible to overcome this security problem?

What I need is that once the database is created with a user on a particular machine, the access must be restricted to that user only and not even to sa. Is this kind of security possible in SQL Server 2000?
Post #307543
Posted Tuesday, September 12, 2006 2:36 AM



It is possible for anybody to copy the mdf and ldf files of a database, copy it on another machine and have complete access over it

If users have access to the server such that they can shut SQL down and copy the database files off, then you have a far bigger problem than database security.

How to overcome it is simple. Secure the server. Ensure that only those who need access to the server (probably just the server admins) have access.




Gail Shaw
Microsoft Certified Master: SQL Server 2008, MVP
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

We walk in the dark places no others will enter
We stand on the bridge and no one may pass

Post #307840
Posted Tuesday, September 12, 2006 9:14 AM

Let me point out the problem from a different angle.

I have developed an application using SQL Server 2000 as the backend. When I implement the same at a client's location, he has complete access to the database. What I want to achieve is that the database can only be accessed from my application with only my password. The client would have admin access to the server, but he is not supposed to touch the database directly.

Post #307955
Posted Tuesday, September 12, 2006 9:21 AM



Remove builtin\Administrators from the sysadmin role. Make sure that you have another admin account before you do that. Make sure that the sa login has a strong password.

It won't stop him from copying the data files off, but there's no way to stop a system administrator from doing that. Speak to the client's system administrators about securing the server.

That's about the best you can do if you don't have control over the infrastructure and the server.

 




Gail Shaw

Post #307959
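
The steps in the reply above, in the order it gives them, as an added T-SQL example that is not part of the original post. It uses SQL Server 2000 system procedures; the group name CONTOSO\SqlAdmins and the password placeholder are assumptions to replace with your own values.

```sql
-- Added example: CONTOSO\SqlAdmins is a placeholder Windows group, not from the thread.
USE master
GO

-- 1. Make sure another admin account exists BEFORE removing BUILTIN\Administrators.
IF NOT EXISTS (SELECT 1 FROM master.dbo.syslogins
               WHERE loginname = N'CONTOSO\SqlAdmins')
    EXEC sp_grantlogin N'CONTOSO\SqlAdmins'

IF NOT EXISTS (SELECT 1 FROM master.dbo.syslogins
               WHERE loginname = N'CONTOSO\SqlAdmins' AND sysadmin = 1)
    EXEC sp_addsrvrolemember N'CONTOSO\SqlAdmins', N'sysadmin'
GO

-- 2. Drop BUILTIN\Administrators from sysadmin only if a sysadmin other than
--    sa and BUILTIN\Administrators remains; otherwise stop with an error.
IF EXISTS (SELECT 1 FROM master.dbo.syslogins
           WHERE sysadmin = 1
             AND loginname NOT IN (N'BUILTIN\Administrators', N'sa'))
    EXEC sp_dropsrvrolemember N'BUILTIN\Administrators', N'sysadmin'
ELSE
    RAISERROR('No other sysadmin login found; BUILTIN\Administrators left in place.', 16, 1)
GO

-- 3. Give sa a strong password (uncomment and substitute a real value first).
-- EXEC sp_password NULL, N'<strong-password-placeholder>', N'sa'

-- 4. Review who still holds sysadmin after the change.
SELECT loginname, isntname, isntgroup
FROM master.dbo.syslogins
WHERE sysadmin = 1
ORDER BY loginname
GO
```

Test a connection with the new admin login in a separate session before closing the one that ran the script.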
Posted Tuesday, September 12, 2006 3:11 PM

What's so precious about your data that you don't want the user (i.e. the owner) to access it through anything but your interface? I wouldn't buy a software product if I couldn't have access to the data directly.

Steve B.




Post #308036