September 11, 2006 at 1:49 am
Lot of issues of security have been discussed in the past. But a trivial problem of security baffles me.
It is possible for anybody to copy the mdf and ldf files of a database, copy it on another machine and have complete access over it, if he has admin rights. How is it possible to overcome this security problem.
What I need is once the database is created with a user on a particular machine, the access must be restricted to that user only and not even to sa. Is this kind of security possible in SQL Server 2000
September 12, 2006 at 2:36 am
It is possible for anybody to copy the mdf and ldf files of a database, copy it on another machine and have complete access over it
If users have access to the server such that they can shut SQL down and copy the database files off, then you have a far bigger problem than database security.
How to overcome it is simple. Secure the server. Ensure that only those who need access to the server (probably just the server admins) have access.
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability
September 12, 2006 at 9:14 am
Let me point out the problem from a different angle.
I have developed an application using SQL Server 2000 as the backend. When I implement the same at a client's location, he has complete access to the database. What I want to achieve is that, the database can only be accessed from my application with only my password. The client would have admin access to the server, but he is not supposed to touch the database directly.
September 12, 2006 at 9:21 am
Remove builtin\Administrators from the sysadmin role. Make sure that you have another admin account before you do that. Make sure that the sa login has a strong password.
It won't stop him from copying the data files off, but there's no way to stop a system administrator from doing that. Speak to the client's system administrators about securing the server.
That's about the best you can do if you don't have control over the infrastructure and the server.
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability
September 12, 2006 at 3:11 pm
What's so precious about your data that you don't want the user (i.e. the owner) to access it through anything but you interface? I wouldn't buy a software product if I couldn't have access to the data directly.
Steve B.
Viewing 5 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply