Advanced Protecting DataBase

  • Hello,

    I would like to protected my database :

    Schema :

    I installed my database, but I would like that windows administrateur doesn't access to database property (store procedure, table, view, backdatabase...). (I would like to lock my data base with a password)

    Is it possible ?


    Kindest Regards,

    degrem_m
    Degremont

  • Before you do anything make sure that you have granted yourself sysadmin rights by some other means than by being a local administrator.

    Then make sure that the BUILTIN\Administrators login is removed from the sysadmin server role, or you might want to remove the login completely.  Then make sure that you know what all the other logins are used for, particularly those in the sysadmins, or any other server roles. 

    As long as the BUILTIN\Administrators login is part of the sysadmin role, there is nothing you can do to keep the Windows admins from accessing anything, or doing anything in SQL Server.

    /*****************

    If most people are not willing to see the difficulty, this is mainly because, consciously or unconsciously, they assume that it will be they who will settle these questions for the others, and because they are convinced of their own capacity to do this. -Friedrich August von Hayek

    *****************/

  • Be careful about removing BUILTIN\Administrators  because when I did this I wasn't able to use the Surface Configuration Utility. 

  • I ALWAYS remove builtin\administrators and I have had no problems with the SCU.  You may have a different issue.

    /*****************

    If most people are not willing to see the difficulty, this is mainly because, consciously or unconsciously, they assume that it will be they who will settle these questions for the others, and because they are convinced of their own capacity to do this. -Friedrich August von Hayek

    *****************/

  • AS above.

    Grant the DBA group sysadmin access, drop Builtin\Administrators.

    This is the MS advised process, it does not cause problems.

    Be aware that your database is then only secure from casual misuse. For example, local administrators still have access to the mdfs and can steal the database.

  • It's ok,

    But If administrateur  kills SQL Server service, Is it possible to encrypte or protected by password my database (If he attach .mdf file in an other database ) ?

    I must deploye ERP in the company but , I don't want they change my softwarre or my database (table and procedure.). For my application, it's ok, I built my webapplication (and offuscated dll) but for my database is more complicated.


    Kindest Regards,

    degrem_m
    Degremont

  • A local administrator has full control over that machine, you cannot get away from that fact.

    You can encrypt the contents of the data, but rather than try to limit full-control, address your concerns by not granting administrator access to the machine casually. Have a single local admin account and lock the password in a safe.

  • Hello  Joseph, thank for your help.

    I woud like to protect my software. I find an alternative, I going to be install a virtal pc in the server. And I will be administror on this virtual server.


    Kindest Regards,

    degrem_m
    Degremont

  • Yes, but the issue is protect it from what?

    I've seen several posts from developers worried about people stealing the schema and not buying their product - this is covered by your clients contract with you, and you'll get a lot more out of a legal case than in sales.

    Even with compiled application code you can reverse engineer it quite easily these days.

    If you're worried about data theft - apply security and encryption.

    If you're worried about support staff mucking about, segregate OS admins from SQL admins by denying BUILTIN\Administrators.

  • While virtualization is fine for development and testing environments (as long as you aren't trying to run benchmarks) I would never run a producton SQL Server on a virtual machine.  Our tests have shown anywhere from 20% to 400% performance degradation when running SQL Server on a VM.  The 20% range was when there was only one guest operating system active, as the number of guest OSes increased the performance went downhill, at the point that there were more guest OSes than physical CPUs performance dropped off a cliff...

    /*****************

    If most people are not willing to see the difficulty, this is mainly because, consciously or unconsciously, they assume that it will be they who will settle these questions for the others, and because they are convinced of their own capacity to do this. -Friedrich August von Hayek

    *****************/

Viewing 10 posts - 1 through 9 (of 9 total)

You must be logged in to reply to this topic. Login to reply