January 5, 2009 at 7:07 pm
Hello Experts
I am primary a Oracle DBA moved into SQLServer envirionment. Where can i find URL/WhitePapers for SQL Server Security? From my side i am googling and looking into MSDN.
1. Do we have the equivalent of Table / Column encryption on disk.
2. Restricting access to specific columns (Virtual Pvt Db or VPD of Oracle).
3. Safeguarding SQL Server db open to internet.
4. Anything i missed here.
Would appreciate any feedback.
Thanks
January 5, 2009 at 8:00 pm
1. There is column-level encryption in SQL Server 2005/8, but it must be built in. If you check Books Online under Encryption Hierarchy, you'll see what is required. SQL Server 2008 Enterprise Edition supports database-level encryption (called Transparent Data Encryption), but this is to protect the data at rest.
2. Column-level permissions are possible and are actually what SQL Server works on, though most access is granted at the table/view level. The GRANT Object Permissions is what you're looking for.
3. SQL Server should never be exposed directly to the Internet. It typically should sit within the internal network where a web server connects from the DMZ. Are you looking to put a SQL Server live on the Internet or are you looking to have an Internet-facing web application using SQL Server as a back-end?
4. Check out SQLSecurity.com. Also, the how to cheat book in my sig.
K. Brian Kelley
@kbriankelley
January 6, 2009 at 3:20 pm
I am looking at a Web Application exposed to Internet with SQL Server as backend. Would appreciate if you can shed more light on it.
Thanks
January 9, 2009 at 3:42 pm
That How to Cheat at SQL Server 2005 Security is a really good book.
I finally understood the Schema fallacy in SQL2000.
Gautam
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply