May 2, 2008 at 11:47 am
Dear all
I were thinking, we put so much effort on securing our web site and database. then host it on a shared plan or oven a vps or vds.
At the end, some admin people at hosting company have access to whole project: code and data. what to do? this is not possible for me to start a datacenter at home.
is it possible to protect code(stored procedures)? is this even possible to limit access of every one including admins to some or all parts? and is it useful? I mean they can copy file to somewere else and attack to db file.
one more thing; I want to save some encryption keys for connection of users throug web service. were to store them? I mean when my whole site is visible to hosting company (seems we are naked :P), is it meaningfull to emphesize on security of those keys?
thanks in advance
May 5, 2008 at 2:47 pm
How about something as below?
CREATE PROC myProc WITH ENCRYPTION AS
SELECT * FROM sysusers
The disavantage is that no one can view it at all. You have to keep your source code somewhere in case you would like to view or modify it.
May 6, 2008 at 12:33 am
It's an option, though the encryption is trivial to undo. There are a number of utils available on the web to decrypt 2000 or 2005 stored proc encryption.
There's no real way (especially on SQL 2000) to protect code or data from the server admins.
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability
May 7, 2008 at 12:20 pm
Can I ask what you guys do? trust in host company? This may be usual and reasonable. Or do you usually start your own data center? or any other way?
May 7, 2008 at 12:38 pm
Depends what it is. The database backend for my blog and personal web site. Hosted. The databases for a major bank. Own data center with own staff.
If you're hosting, make sure it's a reputable company. Contact the people, speak to management (if you can), find out what their policies and the like are.
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability
May 9, 2008 at 12:10 am
Thanks
Viewing 6 posts - 1 through 5 (of 5 total)
You must be logged in to reply to this topic. Login to reply