Password protect Backup files

  • Hi guys,

    I need a solution to protect .bak files with a password.

    Anyway, I know there is WinZip, but I need something else.

    Any suggestions on what to try?

  • - PGP (gnupg is a good, free option)

    - Third-party backup tools like redgate SQL Backup

    - TDE (requires Enterprise Edition) protects your data at rest using the SQL encryption hierarchy so uses a certificate and password. TDE is a bit more involved than some of the other methods but will protect your data and is included in the product.

    There are no special teachers of virtue, because virtue is taught by the whole community.
    --Plato

  • You can specify a password when you create a backup, which would then be required to restore from the backup file.

    http://msdn.microsoft.com/en-us/library/ms186865(v=sql.100).aspx

    This option will not be present in SQL2012.

    ---------------------------------------------------------------------

  • george sibbald (4/16/2012)


    You can specify a password when you create a backup, which would then be required to restore from the backup file.

    http://msdn.microsoft.com/en-us/library/ms186865(v=sql.100).aspx

    This option will not be present in SQL2012.

    The password option was not listed because it is not secure. All it does is prevent a restore; it does not protect data and should not be used in new development.

    There are no special teachers of virtue, because virtue is taught by the whole community.
    --Plato

  • OP didn't say what he wanted it protected from.

    ---------------------------------------------------------------------

  • ...and should not be used in new development.

    There are no special teachers of virtue, because virtue is taught by the whole community.
    --Plato

  • This option will not be present in SQL2012.

    ---------------------------------------------------------------------

  • George, You're a veteran. Why would you offer up a solution using a feature that has already been removed from the current version of the product?

    From the article to which you provided a link:

    There are no special teachers of virtue, because virtue is taught by the whole community.
    --Plato

  • I don't know, as a veteran why did you think I need the obvious quoted at me? I found it patronising. You should have just said in your opinion it was not the best way to do it.

    As a 'veteran' I don't make assumptions as to the OP's exact requirements if there is room for interpretation. It was another obvious method, therefore worthy of mention. It could have been the simple fix the OP wanted but was not aware of. I hardly call this new development, and there are many more people using 2008 and below than 2012.

    I am also mindful of others who may come along later and read this thread for whom that info may be useful.

    Note I included the fact that the feature will be deprecated.

    I am afraid there are other versions of a correct answer other than yours.

    This is not what I participate in this forum for, so I am unsubscribing from this thread.

    ---------------------------------------------------------------------

  • As has been previously said, I'd look at a 3rd party product like Red Gate SQL Backup (full disclosure, I'm a Friend of Red Gate) because you can encrypt the backup. I would not rely on the password option for a regular SQL backup because, as indicated, it doesn't actually protect the data. It just prevents the backup from being restored without the password. However, if you open up the file with a hex editor, or even just something like notepad, you can see the data.

    TDE is an option if you're running Enterprise Edition for 2008 or 2008R2. If you don't have those versions, it's not on the table. Realize, though, that if you use TDE, you will get almost no compression, so don't turn on compression as well.

    K. Brian Kelley
    @kbriankelley
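
Added example (not part of the thread or any poster's code): a Python check for the point made in the post above, that a password-protected native backup still shows its data in a hex editor. It scans backup bytes for known row values stored as ASCII or UTF-16LE and measures entropy; the sample data, canary values and function names are constructed for illustration.

```python
import hashlib
import math
import re
from collections import Counter

# Runs of 6+ printable characters: ASCII (char/varchar) and UTF-16LE (nchar/nvarchar).
ASCII_RUN = re.compile(rb"[\x20-\x7e]{6,}")
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")

def shannon_entropy(data):
    """Bits per byte: close to 8.0 for ciphertext, much lower for raw row data."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def readable_strings(data):
    """Text that a hex editor or notepad would show in the file."""
    found = [m.group().decode("ascii") for m in ASCII_RUN.finditer(data)]
    found += [m.group().decode("utf-16-le") for m in UTF16_RUN.finditer(data)]
    return found

def looks_encrypted(data, canaries, min_entropy=7.5):
    """True only if no known row value is visible and the bytes look random."""
    strings = readable_strings(data)
    leaked = [c for c in canaries if any(c in s for s in strings)]
    return not leaked and shannon_entropy(data) >= min_entropy

def audit_backup(path, canaries, limit=64 * 1024 * 1024):
    """Apply the check to the first `limit` bytes of a backup file on disk."""
    with open(path, "rb") as fh:
        return looks_encrypted(fh.read(limit), canaries)

# Constructed samples, not real backup files: row values laid out as varchar and
# nvarchar bytes, and a hash-derived stream standing in for encrypted output.
CANARIES = ["cust0042@example.test", "Customer Name 42"]
ROWS = b"".join(
    f"cust{i:04d}@example.test".encode("ascii") + b"\x00" * 8
    + f"Customer Name {i}".encode("utf-16-le") + b"\x00" * 8
    for i in range(500)
)
CIPHERTEXT_LIKE = b"".join(
    hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(2048)
)

if __name__ == "__main__":
    print("plain rows look encrypted:", looks_encrypted(ROWS, CANARIES))
    print("ciphertext-like looks encrypted:", looks_encrypted(CIPHERTEXT_LIKE, CANARIES))
```

A compressed but unencrypted backup also has high entropy, so read a `True` result as "no known plaintext visible", not as proof of encryption.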

  • Hi Guys,

    Thanks for the input. @George, I do not want to use a script for backups.

    I will have a look at Redgate product.

    Thanks again guys

  • If your goal is to protect the data from prying eyes, you could use column-level encryption instead of TDE (although CLE has its own set of advantages/disadvantages).

    Unless they have the Service Master Key from the original server, they can't restore the database to see the data on another server (as long as you use that hierarchy).

    CLE is available in Express Edition and up, from 2005 and up.

  • But then the app couldn't use the database, either. 🙂 It's hard to retrofit an existing app to use column-level encryption.

    K. Brian Kelley
    @kbriankelley

  • Guys, what I am actually trying to achieve is to prevent .bak files from being restored elsewhere by someone who got access to the backup file. So column-level encryption would not be suitable for me. I need an application which has automation capability for encrypting .bak files using a password.

  • Then I would say third-party software is the answer.
