October 1, 2006 at 10:39 am
How can I secure SQL Express 2005 from prying eyes, yet allow DB connectivity?
October 4, 2006 at 8:00 am
This was removed by the editor as SPAM
October 16, 2006 at 10:30 am
I don't think you can ever really do this for a deployed application where the SQLExpress DB exists on the user's machine. It looks like the local admin will always be able to access it.
I was looking at http://www.vistadb.com as a possible solution for an app where the DB was installed locally, and we only wanted the users to access it through the app. It's not free, but it's a lot more reasonable than something like Sybase's desktop product.
October 30, 2006 at 12:37 pm
Yeh, MS just doesn't understand security. Especially SQL Express editions because its designed to go-public. It's a freebie to help programmers distribute DB apps more economically.
I would make the SA account and password only accessible to the original SA who setup the DB. Too bad if they loose their password. A DB admin should be more responsible and rent a safety deposit box for passwords. Good grief ............
Anyway, I just placed a new post in the SQL Express forum concerning EncryptionByKey. I think encrypting only columns of sensitive data is the answer. Encrypting all tables would be a noticible performance hit.........
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply