April 23, 2010 at 9:17 am
I have a book "Microsoft SQL Server 2005" but it does not cover all answers and more a read others opinions more confused it gets (SQL Server). I am creating a program that will deal with a lot of money so I must hide the information from unwanted people, so far as I understood using security at Users level isn't practical as if I copy the database to another computer it will be exposed to those users, so I turned to application role. Simplifying the question, I want to disable all users, accounts, roles ... except those I specify at database creation, making the user that creates the database (and me) the only one to access and manage access (create also) to other users, is that possible or should I turn to Microsoft Access Database instead?
thanks.
Antonio.
April 23, 2010 at 9:34 am
I'm not sure what you mean, and I'm not sure you know what you need.
Access in SQL Server starts at the server level. So the administrator of the system can access the database. Millions of companies, many of them dealing with lots of money, deal with this every day and it works. So don't get wrapped up on that.
In terms of securing the database, you can use logins for users (Windows or SQL) and that provides security. If the database is restored to another server, it doesn't matter if you use application roles or windows logins, the database isn't secured there. The best you could do is look at implementing encryption.
However if you haven't worked with it and this is important, hire someone that knows this stuff. Don't assume you can figure it out. In fact, if you're confused about security, a forum online like this one isn't the place to get the advice. Not if it's important. Go hire someone and don't mess around.
April 25, 2010 at 2:26 am
Simple, if you are migratng/creating new databases , better transfer those logins and reset all passwords. 😉
-------Bhuvnesh----------
I work only to learn Sql Server...though my company pays me for getting their stuff done;-)
April 25, 2010 at 7:37 am
antonio jv (4/23/2010)
I have a book "Microsoft SQL Server 2005" but it does not cover all answers and more a read others opinions more confused it gets (SQL Server). I am creating a program that will deal with a lot of money so I must hide the information from unwanted people, ...or should I turn to Microsoft Access Database instead?thanks.
Antonio.
Learning SQL Server from a book is one side. Setting up a secure SQL Server is another one. But never ever do both while writing an production application, especially one holding crucial data.
I second what Steve already mentioned: get someone involved that knows how to set up such an environment. There are so many different issues to cover (e.g. authentication mode, application/database roles, encryption, data access via stored procedures only, ... list goes on).
And, please, don't consider MS ACCESS as providing equal or better security than SQL Server. It doesn't.
Viewing 4 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply