June 23, 2008 at 3:57 pm
We have been tasked by an auditor to see if we can prevent this from happening in our production database.
Does anyone know of a way, to protect a database from having a restore done over an active and running database? Right now it is possible for the “SA” to restore a backup copy right over a running database with the same name.
June 23, 2008 at 5:05 pm
I don't see any way to prevent a sysadmin member from restoring a backup. You can minimize the risk by having a minimal number of responsible people as sysadmins.
Greg
June 24, 2008 at 5:25 am
Yes, that is it, you need to manage security so you have only a few sysadmin users.
Also, you cannot restore over a database that has active connections, so if you were to open and persist a connection, you would not be able to restore over the database without killing the connection. Of course, a sysadmin can kill the connection so this may not get you far.
June 24, 2008 at 7:26 am
get a weblogic server or MS Access
every time you kill them, they come back
June 24, 2008 at 10:09 am
Maybe there is not a way to stop the restore, but for auditing purposes it would be better that you where alerted if and when this happens, you could collect the info every n minutes from a job and if it occurs store the details and send an email:
select * from msdb..restorehistory
order by restore_date desc
Andrew
Viewing 5 posts - 1 through 5 (of 5 total)
You must be logged in to reply to this topic. Login to reply