Security: Application Vs. File tampering

  • Hi all,

    Currently I am running SQL Server that is accessed from an app. The app requires smart card verification to make changes to the server. Unfortunately, this does not prevent users from going through to the files or the database manager to delete or see data from the server. We could use a universal password for each piece of hardware we put the server on, but this is not safe for various reasons. Is there a way to prevent file tampering while also allowing the app to access the data?

  • Assuming that you are already locking down the server to only IDs that need access, that really leaves 3 methods of accessing the database:

    1) machine admin stops the server, copies the db files, restarts the server

    2) DBA (privileged user)

    3) someone uses the application credentials to log on

    Depending on which methods you are trying to stop, you could look into some combination of column encryption, transparent data encryption (TDE), application roles, login triggers etc. Someone with admin permissions could potentially get around all of that, so top it off with plenty of auditing.

    BOL is the best place to start if you aren't familiar with those topics.

    Matt.
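
Added example (not part of the posts above): a T-SQL sketch that pairs each of the three access paths in the reply with one of the controls it names, TDE for copied files, an application role for logons outside the app, and auditing for privileged users. The database, certificate, role and audit names, the file paths and the passwords are all hypothetical placeholders.

```sql
-- Hypothetical names: AppDb, TdeCert, app_rw, AppDbAudit, AppDbDataAccess, all paths.
-- Every password below is a placeholder to be replaced.

-- Path 1 (db files copied off the machine): TDE encrypts data and log files at rest.
USE master;
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'REPLACE_WITH_STRONG_PASSWORD_1';
CREATE CERTIFICATE TdeCert WITH SUBJECT = 'AppDb TDE certificate';
-- Keep this backup off the server; it is needed to restore or attach AppDb elsewhere.
BACKUP CERTIFICATE TdeCert TO FILE = 'E:\KeyBackup\TdeCert.cer'
    WITH PRIVATE KEY (FILE = 'E:\KeyBackup\TdeCert.pvk',
                      ENCRYPTION BY PASSWORD = 'REPLACE_WITH_STRONG_PASSWORD_2');
GO
USE AppDb;
CREATE DATABASE ENCRYPTION KEY WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TdeCert;
ALTER DATABASE AppDb SET ENCRYPTION ON;
GO

-- Path 3 (logging on outside the app): grant table rights only to an
-- application role. Assumes end users' database users hold no direct grants
-- and are not members of db_datareader, db_datawriter or db_owner.
CREATE APPLICATION ROLE app_rw WITH PASSWORD = 'REPLACE_WITH_STRONG_PASSWORD_3';
GRANT SELECT, INSERT, UPDATE, DELETE ON SCHEMA::dbo TO app_rw;
GO
-- The app activates the role on its own connection after the smart card check:
--   EXEC sys.sp_setapprole @rolename = 'app_rw',
--                          @password = 'REPLACE_WITH_STRONG_PASSWORD_3';

-- Path 2 (privileged users): record every read and write on the schema.
USE master;
CREATE SERVER AUDIT AppDbAudit TO FILE (FILEPATH = 'F:\Audit\');
ALTER SERVER AUDIT AppDbAudit WITH (STATE = ON);
GO
USE AppDb;
CREATE DATABASE AUDIT SPECIFICATION AppDbDataAccess
    FOR SERVER AUDIT AppDbAudit
    ADD (SELECT, INSERT, UPDATE, DELETE ON SCHEMA::dbo BY public)
    WITH (STATE = ON);
GO
```

TDE only covers files and backups taken off the machine; anyone who can query the running database still sees plaintext, which is where column encryption comes in. The application role is only as strong as the protection of its password inside the app.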
