August 11, 2009 at 3:20 am
I have to complete a security document for a web application Im building. One of the questions concerns data deletion in a SQL Server 2005 database. At the end of a specific process in the app, data is deleted. Can I be sure that the data has actually been physically removed and cannot be recoverd (say by a data recovery service)
I need to confirm that once deleted, data is non recoverable
August 11, 2009 at 3:52 am
I'm not an expert on this issue but I'm pretty sure that as long as the disk block which had the data stored are not overwritten with some other data you can still recover it.
Also keep in mind that the inserts and deletes are logged in the transaction log and there are tools available to read them.
[font="Verdana"]Markus Bohse[/font]
August 11, 2009 at 3:53 am
MarkusB (8/11/2009)
I'm not an expert on this issue but I'm pretty sure that as long as the disk block which had the data stored are not overwritten with some other data you can still recover it.Also keep in mind that the inserts and deletes are logged in the transaction log and there are tools available to read them.
Better make sure that no unauthorized persons can access your server.
[font="Verdana"]Markus Bohse[/font]
August 12, 2009 at 6:57 am
Its difficult to ensure such security, along with the aforementioned transaction log, you have:
Backups
A row's data isn't zeroed out so can sit on disk for a while before sql server re-uses the space and overwrites it.
Information in memory can be saved out to a page file and thus could be persisted there for an indeterminate amount of time.
If you're using things like asp.net you also have to think about cached pages and data in memory.
So really it all depends upon how sensitive your information is.
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply