security of hosted database

  • Dear all

    I was thinking: we put so much effort into securing our web site and database, then host it on a shared plan or even a VPS or VDS.

    In the end, some admin people at the hosting company have access to the whole project: code and data. What to do? It is not possible for me to start a datacenter at home.

    Is it possible to protect code (stored procedures)? Is it even possible to limit the access of everyone, including admins, to some or all parts? And is it useful? I mean, they can copy the file somewhere else and attack the db file.

    One more thing: I want to save some encryption keys for the connection of users through a web service. Where should I store them? I mean, when my whole site is visible to the hosting company (seems we are naked :P), is it meaningful to emphasize the security of those keys?

    Thanks in advance

  • How about something as below?

    CREATE PROC myProc WITH ENCRYPTION AS

    SELECT * FROM sysusers

    The disadvantage is that no one can view it at all. You have to keep your source code somewhere in case you would like to view or modify it.

  • It's an option, though the encryption is trivial to undo. There are a number of utils available on the web to decrypt 2000 or 2005 stored proc encryption.

    There's no real way (especially on SQL 2000) to protect code or data from the server admins.

    Gail Shaw
    Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
    SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

    We walk in the dark places no others will enter
    We stand on the bridge and no one may pass
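
An added example, not part of the original thread: a T-SQL script showing what `WITH ENCRYPTION` actually changes in the catalog, plus an inventory query for finding every module whose source must be kept elsewhere. It assumes SQL Server 2005 or later (the `sys.*` catalog views), and `dbo.usp_EncryptionDemo` is a hypothetical name.

```sql
-- Added example; dbo.usp_EncryptionDemo is a hypothetical object name.
-- Requires SQL Server 2005 or later (sys.* catalog views).
IF OBJECT_ID(N'dbo.usp_EncryptionDemo', N'P') IS NOT NULL
    DROP PROCEDURE dbo.usp_EncryptionDemo;
GO

CREATE PROCEDURE dbo.usp_EncryptionDemo
WITH ENCRYPTION
AS
    SELECT name FROM sys.database_principals;
GO

-- The catalog no longer returns the source text:
-- definition is NULL and IsEncrypted is 1 for this module.
SELECT OBJECT_NAME(m.object_id)                    AS module_name,
       m.definition,
       OBJECTPROPERTY(m.object_id, 'IsEncrypted')  AS is_encrypted
FROM sys.sql_modules AS m
WHERE m.object_id = OBJECT_ID(N'dbo.usp_EncryptionDemo');

-- Inventory: every procedure, function, view or trigger in this database
-- that was created WITH ENCRYPTION. Each row is code whose only readable
-- copy has to live in your own source control.
SELECT s.name AS schema_name,
       o.name AS object_name,
       o.type_desc,
       o.create_date,
       o.modify_date
FROM sys.objects AS o
JOIN sys.schemas AS s ON s.schema_id = o.schema_id
WHERE OBJECTPROPERTY(o.object_id, 'IsEncrypted') = 1
ORDER BY s.name, o.name;
GO

-- Clean up the demo object.
DROP PROCEDURE dbo.usp_EncryptionDemo;
GO
```

The option hides the text from catalog queries and `sp_helptext`; as the post above says, it is obfuscation rather than protection against someone who administers the server.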
  • Can I ask what you guys do? Trust in the host company? This may be usual and reasonable. Or do you usually start your own data center? Or any other way?

  • Depends what it is. The database backend for my blog and personal web site. Hosted. The databases for a major bank. Own data center with own staff.

    If you're hosting, make sure it's a reputable company. Contact the people, speak to management (if you can), find out what their policies and the like are.

    Gail Shaw
  • Thanks
