September 7, 2013 at 2:45 am
Hello,
Please can you tell me how to make my SQL Server 2005 database password protected?
I made a database and I want to make it password protected.
Thanks for the help.
immad
September 7, 2013 at 4:39 am
There's no way to password protect a database, passwords are used on logins to SQL Server, if someone has a valid login, they can then see any databases they've been given permissions to access.
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability
September 7, 2013 at 4:43 am
Thanks for the suggestion.
Is there any way to protect your table or your stored procedures?
immad
September 7, 2013 at 5:19 am
Minimum permissions on logins, don't give everyone sa.
Gail Shaw
September 7, 2013 at 5:26 am
OK, but is the sa user name and password alone enough protection against hackers?
I mean, can anyone hack my sa password?
immad
September 7, 2013 at 5:58 am
Don't use sa. Use specific accounts for specific users with minimal permissions. Strong passwords or preferably Windows authentication.
Gail Shaw
December 5, 2013 at 9:22 am
And by strong, we don't mean 8 characters long.
At least 15 truly random characters is a good start.
Minimum permissions at the finest are column based permissions; if that's too difficult, table based, and if that's too difficult, schema based, and so on. Do not allow sysadmin, do not allow db_owner, do not allow securityadmin, etc. Don't give permissions that aren't actually used and needed. Don't be afraid to use DENY as well.
Keep your antivirus up to date and running (exclude data, log, and backup files), keep SQL Server patched (at least all security patches), keep Windows patched (at least all security patches), etc.
If you want to protect your data in the database, even from DBAs, you can code your application to encrypt the data. Do not write your own encryption.
If you want to protect passwords in the database, use PBKDF2, bcrypt, scrypt, or similar, with large numbers of iterations (thousands to hundreds of thousands). See http://stackoverflow.com/questions/7837547/is-there-a-sql-implementation-of-pbkdf2/12291671#12291671
If you want to protect your data in transit, turn on SSL (load a certification and turn on "Force Encryption" in SQL Server Configuration).
If you want to protect your data in files, you can use TDE (Transparent Data Encryption) in Enterprise edition, or TrueCrypt, or other disk/volume level encryption software.
Note that encryption is very hard to do right - the slightest detail can be a real problem that's nearly impossible to find.
December 5, 2013 at 10:51 am
GilaMonster (9/7/2013)
Don't use sa. Use specific accounts for specific users with minimal permissions. Strong passwords or preferably Windows authentication.
+1. In fact, just disable the sa login completely. If you have Windows logins that are members of the sysadmin group, you'll have access.
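The least-privilege advice in the posts above, sketched in T-SQL as an added example (not code from any poster in this thread). The database, table, schema, view and login names and the password placeholder are all constructed for illustration; run it on a scratch instance.

```sql
-- Added example; every object name below is constructed for illustration.
CREATE DATABASE PermDemo;
GO
USE PermDemo;
GO
CREATE TABLE dbo.Customers (
    CustomerID int PRIMARY KEY,
    FullName   nvarchar(100) NOT NULL,
    CardNumber varchar(19)   NOT NULL   -- sensitive column
);
GO
CREATE SCHEMA reporting;
GO
CREATE VIEW reporting.CustomerNames AS
    SELECT CustomerID, FullName FROM dbo.Customers;
GO
-- One login per application or person. The password is a placeholder:
-- replace it with a long random value, or use
-- CREATE LOGIN [DOMAIN\user] FROM WINDOWS for Windows authentication.
CREATE LOGIN app_reader
    WITH PASSWORD = 'Replace-With-15+-Random-Chars', CHECK_POLICY = ON;
CREATE USER app_reader FOR LOGIN app_reader;   -- no role membership added
GO
-- Finest grain: column-level permission on the base table.
GRANT SELECT ON OBJECT::dbo.Customers (CustomerID, FullName) TO app_reader;
-- Explicit DENY on the sensitive column: it overrides a SELECT the user
-- might otherwise inherit through a role.
DENY  SELECT ON OBJECT::dbo.Customers (CardNumber) TO app_reader;
-- Coarser alternative: schema-level permission on the reporting schema only.
GRANT SELECT ON SCHEMA::reporting TO app_reader;
GO
-- Check the effective permissions as that user.
EXECUTE AS USER = 'app_reader';
SELECT subentity_name, permission_name
FROM fn_my_permissions('dbo.Customers', 'OBJECT');
SELECT CustomerID, FullName FROM dbo.Customers;   -- allowed
-- SELECT CardNumber FROM dbo.Customers;          -- fails: SELECT denied on column
REVERT;
GO
-- Audit: list who holds sysadmin before disabling sa.
SELECT p.name, p.type_desc
FROM sys.server_role_members m
JOIN sys.server_principals r ON r.principal_id = m.role_principal_id
JOIN sys.server_principals p ON p.principal_id = m.member_principal_id
WHERE r.name = 'sysadmin';
-- Only after confirming another sysadmin login works:
-- ALTER LOGIN sa DISABLE;
```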
January 10, 2014 at 6:25 pm
GilaMonster (9/7/2013)
There's no way to password protect a database, passwords are used on logins to SQL Server, if someone has a valid login, they can then see any databases they've been given permissions to access.
Nice suggestion.